Office 365 users at risk as phishing campaign uses Kaspersky's stolen Amazon SES token

Reading time icon 2 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • Kaspersky has issued a statement that there is a phishing campaign targeting Office 365 users.
  • The phishing campaign is through the Amazon Simple Email Service (SES) token.
  • An email from an official Kaspersky account was used in the phishing campaign.

Cybercriminals seem to be having a field day with the number of phishing campaigns reported lately. Kaspersky makes the list as the latest entrant in these attacks. 

Microsoft had a similar phishing campaign attack a few months ago with the criminals thirsty for credentials.

Kaspersky security experts have detected phishing attempts that target Office 365 users through the Amazon SES. 

The Amazon SES is an email service that allows developers to send emails from any app for different cases.

Servers are safe

The phishing campaign is not linked to one individual as it seems it is a multi-criminal attack. Two phishing campaign kits appear to have been used, namely Iamtheboss and another named MIRCBOOT.

The servers have not been compromised, as the SES token was revoked immediately after the phishing attacks were discovered.

Sourcing for credentials

The cybercriminals made an attempt by camouflaging the phishing messages and redirecting users to the phishing landing pages. The aim was to harvest the victims’ Microsoft credentials.

The cybercriminals used an official Kaspersky email through the Amazon Web Services infrastructure.

This enabled them to easily bypass Secure Email Gateway (SEGs) protections and access the victims’ mailboxes.

Users to stay vigilant

Although no servers were compromised or malicious activities were detected, Kaspersky advises its users to be extra vigilant and cautious when asked for their credentials.

If you are unsure where the emails are coming from, you can verify the sender’s identity on Kaspersky’s blog.

What are some of the tips you use to protect yourself from cyber-attacks? Share with us in the comment section below.