Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

Phishing Campaign Uses Fake Adobe Document Cloud Application to Steal Microsoft Credentials

A cyber crime group is using a fake web application masquerading as the Adobe Document Cloud in order to steal credentials for Microsoft Office 365 and Outlook.

Threat ID:
CC-4047
Threat Severity:
Low
Threat Vector:
Phishing
Published:
7 March 2022 2:50 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A cyber crime group is using a fake web application masquerading as the Adobe Document Cloud in order to steal credentials for Microsoft Office 365 and Outlook.

Threat details

Introduction

The Curated Intelligence group have identified a phishing campaign that is targeting UK organisations and is aimed at stealing Microsoft Office 365 and Outlook credentials. The phishing emails suggest the user has received a shared, faxed, or encrypted document.

Once clicked, the user is directed to a fake Adobe Document Cloud web application that is designed to steal email credentials for Microsoft Office 365 or Outlook. These credentials are then used for business email compromise which can allow an attacker to set up forwarding rules, intercept email conversations, steal sensitive data, or carry out fraudulent exchanges.

Remediation steps

Type Step
Guidance

Organisations are advised to read the Curated Intelligence article and to block any outbound traffic to the following domain:

runn1rnl8xzmqeh0kvov[.]web[.]app​​​​​

 

Note: The Secure Boundary service has already implemented this blocking rule and therefore, any traffic that routes through Secure Boundary is already protected.

Last edited: 7 March 2022 2:51 pm