TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

The Hacker News

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

[email protected] (The Hacker News) · 5 days ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1566.002Spearphishing Link
77%
"targeting facebook business account owners, claiming to be from meta support and urging them to submit an appeal, or risk getting their account permanently deleted. the emails are sent from a google appsheet address ( " noreply @ appsheet. com " ), allowing them to bypass spam fi…"
T1566.003Spearphishing via Service
61%
"30, 000 facebook accounts hacked via google appsheet phishing campaign a newly discovered vietnamese - linked operation has been observed using a google appsheet as a " phishing relay " to distribute phishing emails with an aim to compromise facebook accounts. the activity has be…"
T1566.002Spearphishing Link
56%
"vercel - hosted " security check " or " meta | privacy center " pages that are gated by a bogus captcha check before directing users to the phishing landing page to collect contact details, business information, credentials ( after a forced retry ), and two - factor authenticatio…"
T1586.002Email Accounts
33%
"30, 000 facebook accounts hacked via google appsheet phishing campaign a newly discovered vietnamese - linked operation has been observed using a google appsheet as a " phishing relay " to distribute phishing emails with an aim to compromise facebook accounts. the activity has be…"

Summary

A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are