1. PSN identifies potential targets of interest
  2. A customized phishing website is built
  3. The phishing campaign is developed specifically for the specific targets
  4. Malicious emails, distributed in low volumes, are sent to victims
  5. Clicking on the malicious links and login leads to the deployment of persistence mechanisms on the victim’s account (Office 365, Google Workspace)
  6. Exfiltration, lateral movement, and privileges escalation activities are then carried on by the Threat Actor
  1. Enhanced Security Measures: Given the persistent efficacy of PSN in circumventing MFA, CISOs and IT departments should contemplate the integration of supplementary security layers. This may encompass:
    • The adoption of Behavioral Analysis
    • The implementation of Identity Anomaly Detection activities
    • The deployment of Advanced Endpoint Protection mechanisms
  2. Intelligence: Leverage Threat Intelligence feeds to ensure a proactive approach against evolving phishing techniques. Regular updates from these feeds facilitate staying ahead of the latest tactics employed by PSN and other threats
  3. Continuous Monitoring and Adaptation: The evolving nature of PSN’s tactics necessitates ongoing vigilance and the adaptation of security strategies to counter new threats effectively. Participate in industry-specific information-sharing groups could be an effective strategy to stay informed about the latest attack trends
  4. Employee Training and Awareness: Conduct routine phishing awareness training sessions for personnel, emphasizing the criticality of adeptly recognizing and promptly reporting phishing attempts to mitigate potential security breaches

PSN’s attack campaigns employ phishing emails as their attack vector to establish long-term access to victims’ account. These emails contain malicious attachments or links that redirect users to customized phishing websites.

TTPs

Related articles