BitB attack against Ukraine!
Google's Threat Analysis Group (TAG) has reported that the APT actor Ghostwriter, which is state-sponsored by the Belarusian Ministry of Defense, is working with Iran on cyber attacks against Ukraine!! 😤😤
Ghostwriter has been using the Browser-in-the-Browser (BitB) phishing technique to steal credentials from victims. BitB was disclosed by security researcher mr.d0x, and these exploits usually start with creating poisoned pop-up windows that mimic the ones shown when logging into a site with a third-party single sign-on (SSO) provider like Google or Facebook.
mr.d0x explains in this post that the poisoned window can be replicated easily using HTML/CSS and JavaScript. For BitB to work, an onClick event is then added to ensure that the href attribute of the link that opens the pop-up window is ignored, as in the HTML code below:
[Figure: onClick event added to enable BitB phishing]
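A defender-side check for the href/onClick mismatch described above, added here as an example and not taken from mr.d0x's post or the Google TAG report: it statically scans HTML for links whose href names another host while the onclick handler cancels the navigation. The sample markup, host names and handler names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Handler text that cancels the browser's default navigation, so the URL shown
# on hover (the href) is never actually loaded.
CANCELS_NAVIGATION = re.compile(r"return\s+false|preventDefault\s*\(", re.I)

# Constructed sample page, assumed to be served from portal.example.net.
SAMPLE = """\
<a href="https://accounts.example.com/signin" onclick="openLoginBox(); return false;">Sign in with SSO</a>
<a href="https://accounts.example.com/help">Help</a>
<a href="/local" onclick="toggleMenu(); return false;">Menu</a>
<a href="https://docs.example.org/" onclick="track('docs')">Docs</a>
"""

class AnchorAudit(HTMLParser):
    """Collect <a> tags whose href points off-host but whose onclick blocks it."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)
        href = attr.get("href") or ""
        onclick = attr.get("onclick") or ""
        link_host = (urlparse(href).hostname or "").lower()
        if not link_host or link_host == self.page_host:
            return  # relative or same-host link: no misleading hover URL
        if CANCELS_NAVIGATION.search(onclick):
            self.findings.append(
                {"line": self.getpos()[0], "href_host": link_host, "onclick": onclick}
            )

def audit(html, page_host):
    """Return one finding per link that displays an off-host URL it never follows."""
    parser = AnchorAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "portal.example.net"):
        print(finding)
```

Handlers attached from script with addEventListener are invisible to a static scan like this, and legitimate sites also cancel link navigation, so a hit is a lead for triage rather than a verdict.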
Ghostwriter then combined BitB with sending victims to malicious landing pages. Ghostwriter has been using BitB to phish credentials on these domains:
login-verification[.]top
login-verify[.]top
ua-login[.]top
secure-ua[.]space
secure-ua[.]top
It is also reported that other states like Iran have been working with Ghostwriter, so it is possibly only a matter of time before Iranian APT hacking groups such as Charming Kitten and MuddyWater start using a similar technique!
Stay alert friends!!! 🙏🙏🙏