Threat actors are using compromised email accounts to send phishing emails containing links to PDF files hosted on Autodesk Drive, cybersecurity firm Netcraft warns.
As part of the observed incidents, the attackers use compromised email accounts to send phishing emails to existing contacts, and even use the senders’ signature footers, so that their messages appear legitimate.
In the message body, the attackers have included a shortened link to a malicious PDF hosted on the Autodesk Drive data sharing platform, which also includes the sender’s name and their company’s name, to further increase the sense of legitimacy.
When the recipient attempts to view the document, they are taken to a phishing page and asked to provide their Microsoft account username and password.
After entering their login information, one of the victims was redirected to a OneDrive-hosted document containing information about real estate investment, to hide the fact that the credentials had just been stolen.
“Armed with victims’ Microsoft credentials, the criminals behind these attacks could gain unauthorized access to sensitive company data, as well as being able to send even more phishing emails from the compromised Microsoft accounts,” Netcraft notes.
Autodesk Drive is a service that enables Autodesk customers to share design files, including PDF documents.
According to the cybersecurity firm, the attackers have tailored their attacks for multiple countries and regions, as evidenced by the existence in Autodesk Drive of malicious PDF documents written in several languages.
“The scale of these attacks and the use of customized PDF documents suggests some degree of templating and automation, leading to a series of well-targeted compromises that has the potential to spread worldwide like a virus,” Netcraft says.
Related: Phishing Platform LabHost Shut Down by Law Enforcement
Related: Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks
Related: FCC Employees Targeted in Sophisticated Phishing Attacks
Related: LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts
