What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits

In September 2022, Trend Micro researchers observed a new potential BEC campaign that was targeting large companies around the world which we believe has been running since April 2022. By carefully selecting their target victims and leveraging open-source tools, the group behind this campaign stayed under the radar for quite some time.

This attack leveraged an HTML file (which was JavaScript that had been obfuscated) that was attached to an email. Based on our analysis, we determined this to be a targeted attack based on some of the features that were enabled in the JavaScript (JS) and on the PHP code deployed by the attackers from the server side.

Read more…
Source: Trend Micro