In February 2018 the StealthPhish attack caused millions of dollars in losses to the Fortune 500 companies and it had no malware component. Employees simply handed over their passwords for Office 365, Google Apps, OneDrive and Yahoo mail to adversaries. Cybercriminals used over 528 domains which were deployed in advance, neither blocked by security technologies nor listed in threat intelligence feeds. It is imperative to discover and block attackers infrastructure before they get in. Anti-Phishing Framework makes this possible by combining Indicators of Compromise from leading threat intelligence platforms, open-source feeds and SOC Prime’s pre-IOC intelligence discovered during the StealthPhish investigation.
Read full investigation on StealthPhish at: https://socprime.com/en/blog/stealthphish-investigation-528-domains-involved-in-bec-attack-against-fortune-500-companies