Group-IB, a Singapore-based cybersecurity company, has identified a series of sophisticated successful phishing attacks against the management and executives of more than 150 companies around the world. The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. Сybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. The PerSwaysion campaign proliferates with alarming rates by leveraging compromised accounts’ email data to select further targets who hold important roles in their companies and share business relations with the victims. Group-IB continues to work with the relevant parties in local countries to inform the affected companies of the breach.
PerSwaysion is a highly-targeted phishing campaign. One of the defining signatures of PerSwaysion is that it spreads like wildfire jumping from one victim to another while no malware is present on a user device during the attack. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours. The campaign resulted in a compromise of 156 high-ranking officers in global and regional financial hubs such as the US, Canada, Germany, the UK, Netherlands, Hong Kong, Singapore, and other locations. The PerSwaysion campaign primarily focuses on financial services companies (~50%), law firms, and real estate companies to conduct further supply-chain attack against their clients and business contacts. Group-IB set up a website, where everyone can check if their email was compromised by PerSwaysion. ...read more!
