Storm-1865 has targeted hotels, travel agencies, and other hospitality organizations in North America, Europe, South and Southeast Asia, and Oceania in an ongoing ClickFix phishing campaign that spoofs Booking.com and compromises financial accounts and credentials, according to SC Media.
Intrusions begin with malicious emails that purport to be negative-review or account-verification alerts from Booking.com. Each email includes a link that redirects to a site with a bogus CAPTCHA test, whose instructions facilitate the download and execution of malware, a report from Microsoft showed.
While related social engineering techniques have been leveraged by Storm-1865 since its emergence two years ago, this campaign represents its first use of the ClickFix approach, Microsoft researchers said.
"The addition of ClickFix to this threat actor's tactics, techniques, and procedures shows how Storm-1865 is evolving its attack chains to try to slip through conventional security measures against phishing and malware," added Microsoft.