Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Autodesk Drive Abused in Phishing Attacks 

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.

Threat actors are using compromised email accounts to send phishing emails containing links to PDF files hosted on Autodesk Drive, cybersecurity firm Netcraft warns.

As part of the observed incidents, the attackers use compromised email accounts to send phishing emails to existing contacts, and even use the senders’ signature footers, so that their messages appear legitimate.

In the message body, the attackers have included a shortened link to a malicious PDF hosted on the Autodesk Drive data sharing platform, which also includes the sender’s name and their company’s name, to further increase the sense of legitimacy.

When the recipient attempts to view the document, they are taken to a phishing page and asked to provide their Microsoft account username and password.

After entering their login information, one of the victims was redirected to a OneDrive-hosted document containing information about real estate investment, to hide the fact that the credentials had just been stolen.

“Armed with victims’ Microsoft credentials, the criminals behind these attacks could gain unauthorized access to sensitive company data, as well as being able to send even more phishing emails from the compromised Microsoft accounts,” Netcraft notes.

Autodesk Drive is a service that enables Autodesk customers to share design files, including PDF documents. 

According to the cybersecurity firm, the attackers have tailored their attacks for multiple countries and regions, as evidenced by the existence in Autodesk Drive of malicious PDF documents written in several languages.

Advertisement. Scroll to continue reading.

“The scale of these attacks and the use of customized PDF documents suggests some degree of templating and automation, leading to a series of well-targeted compromises that has the potential to spread worldwide like a virus,” Netcraft says.

Related: Phishing Platform LabHost Shut Down by Law Enforcement

Related: Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

Related: FCC Employees Targeted in Sophisticated Phishing Attacks

Related: LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights