A sophisticated 7-stage phishing attack targeted a C-suite executive at cybersecurity firm Outpost24, aiming to steal Microsoft Office credentials. Attackers chained together trusted services including Cisco Secure Web, Nylas API, and Amazon SES to pass DKIM authentication and evade automated security tools. The campaign used the Kratos phishing-as-a-service kit, leveraged compromised infrastructure, expired domains re-registered by attackers, and Cloudflare hosting to obscure the final malicious page. Anti-bot and human validation checks blocked automated scanners. Security experts note the attack illustrates how phishing infrastructure can be 'laundered' through legitimate services, and that security vendors are high-value targets due to their deep integration into customer environments.