Malware Sandbox Any.Run Targeted in Phishing Attack

Employees of the Any.Run malware analysis service were recently targeted in a phishing attack that was part of a BEC campaign.

The malware analysis service Any.Run on Monday shared details on a recent phishing attack targeting its employees. 

The incident came to light on June 18, when all the employees of the malware sandbox service received a phishing email from another Any.Run employee. The attacker’s access was terminated within minutes, but an investigation showed that the hacker was present for several weeks.

The attack started on May 23, 2024, when an employee in Any.Run’s sales team received an email from a client they had previously communicated with. 

The email contained a link, and the employee uploaded the message to a sandbox to check whether it posed a threat. However, because the link pointed to a trusted website that had been compromised and the sandbox environment was not properly configured, the threat was not detected.

The employee clicked on the link and was led to a Microsoft phishing website that prompted them to enter their login credentials and multi-factor authentication (MFA) code. The information was entered on the phishing page and the attacker was provided with everything they needed to access the employee’s account. 

The attacker added their own mobile device for MFA in an effort to maintain access. The hacker also installed an application that allowed them to steal the information stored in the victim’s email account. 

The attacker first accessed the Any.Run employee’s email account on May 27 and had access to it until June 18, when they sent out phishing emails to all the individuals in the employee’s contact list. 
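The persistence steps described above (a new MFA device and a mail-access application added shortly after a sign-in) are the kind of sequence that can be hunted for in identity audit logs. The following is an added example, not code from Any.Run or SecurityWeek; the event schema, event type names, users and IP addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical, vendor-neutral schema
# (field names and event types are assumptions, not a real product's log format).
EVENTS = [
    {"ts": "2024-05-20T09:02:00", "user": "sales1", "type": "signin", "ip": "198.51.100.10"},
    {"ts": "2024-05-21T08:30:00", "user": "dev2", "type": "signin", "ip": "198.51.100.20"},
    {"ts": "2024-05-27T14:11:00", "user": "sales1", "type": "signin", "ip": "203.0.113.77"},
    {"ts": "2024-05-27T14:19:00", "user": "sales1", "type": "mfa_method_added", "ip": "203.0.113.77"},
    {"ts": "2024-05-27T15:40:00", "user": "sales1", "type": "app_mail_access_granted", "ip": "203.0.113.77"},
    {"ts": "2024-05-28T08:30:00", "user": "dev2", "type": "signin", "ip": "198.51.100.20"},
    {"ts": "2024-05-28T08:35:00", "user": "dev2", "type": "mfa_method_added", "ip": "198.51.100.20"},
]
SENSITIVE = {"mfa_method_added", "app_mail_access_granted"}
WINDOW = timedelta(hours=24)

def find_persistence(events, window=WINDOW):
    """Return sensitive account changes made from an IP within `window`
    of that IP first appearing as unfamiliar for the user."""
    seen = {}       # user -> IPs with earlier sign-ins (the baseline)
    first_new = {}  # (user, ip) -> time the IP was first seen as unfamiliar
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user, ip = e["user"], e["ip"]
        if e["type"] == "signin":
            known = seen.setdefault(user, set())
            # A user's very first recorded IP seeds the baseline; it is not flagged.
            if known and ip not in known:
                first_new[(user, ip)] = ts
            known.add(ip)
        elif e["type"] in SENSITIVE:
            start = first_new.get((user, ip))
            if start is not None and ts - start <= window:
                alerts.append((user, e["type"], ip, e["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in find_persistence(EVENTS):
        print(alert)
```

The second user's MFA change is not flagged because it comes from an address already in that user's sign-in history.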

At this point, the malicious link from the attacker’s email was already present in Any.Run’s threat intelligence database after being identified during sandbox analysis sessions by free users of the service. 


Once the breach was discovered, Any.Run rushed to revoke the attacker’s access and took steps to prevent such incidents in the future. 

The company pointed out that the employee whose email account was compromised did not have access to the production environment or any code base.

Any.Run is still investigating the incident, but believes it’s part of a business email compromise (BEC) campaign. 

Indicators of compromise (IoCs) have been made available to help others detect potential attacks. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
