TTPwire Vol. 1 · MITRE ATT&CK·Tagged


GBHackers

Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials

Mayura Kathir · 9 hours ago

ATT&CK techniques detected

9 predictions
T1566.002 Spearphishing Link · 99%
“phishing attack weaponizes calendar invites to steal login credentials a new large-scale phishing campaign is abusing fake event invitations to compromise u.s. organizations, combining credential theft, otp interception, and the deployment of remote monitoring and management (…”
T1566.002 Spearphishing Link · 84%
“is already on the back foot. when the user selects gmail as the login method, a different chain is observed. first, the user is redirected to a page disguised as a google authorization form. security teams should tune detection content for the shared url and request patterns, mon…”
T1566.002 Spearphishing Link · 83%
“the phishing urls follow a consistent pattern such as https://<phish-site>/<url-pattern>/<endpoint>, with only the logo and branding swapped per target. the underlying infrastructure also exposes fixed resource paths and a characteristic request chain: initial …”
T1566.002 Spearphishing Link · 83%
“), allowing attackers to bypass multi-factor authentication and access corporate mailboxes or other services with full session control. in the rmm delivery path, the fake invitation page pushes a download that appears to be related to the event but actually installs a legitimat…”
T1566 Phishing · 71%
“the phishing urls follow a consistent pattern such as https://<phish-site>/<url-pattern>/<endpoint>, with only the logo and branding swapped per target. the underlying infrastructure also exposes fixed resource paths and a characteristic request chain: initial …”
T1111 Multi-Factor Authentication Interception · 52%
“the chain can move in two directions: towards credential theft and otp interception, or towards the installation of legitimate rmm software such as screenconnect, itarian, datto rmm, connectwise, or logmein rescue. phishing attack weaponizes calendar when the page is configured …”
T1667 Email Bombing · 38%
“), allowing attackers to bypass multi-factor authentication and access corporate mailboxes or other services with full session control. in the rmm delivery path, the fake invitation page pushes a download that appears to be related to the event but actually installs a legitimat…”
T1557 Adversary-in-the-Middle · 34%
“the chain can move in two directions: towards credential theft and otp interception, or towards the installation of legitimate rmm software such as screenconnect, itarian, datto rmm, connectwise, or logmein rescue. phishing attack weaponizes calendar when the page is configured …”
T1598 Phishing for Information · 34%
“the phishing urls follow a consistent pattern such as https://<phish-site>/<url-pattern>/<endpoint>, with only the logo and branding swapped per target. the underlying infrastructure also exposes fixed resource paths and a characteristic request chain: initial …”

Summary

A new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign stands out because it blends familiar user workflows with legitimate-looking infrastructure, making it harder for security teams to spot and […]

The post Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.