Threat actors abused Kuse.ai, a legitimate AI workplace platform, to host a phishing document as part of a Vendor Email Compromise (VEC) attack. Attackers uploaded a Markdown (.md) file containing a blurred fake document preview to Kuse's storage, then shared it via the platform's native link-sharing feature. The .md extension helped bypass common phishing filters. Victims were lured into clicking a link that redirected them to a fake Microsoft login page to harvest credentials. The attack combined a compromised vendor mailbox, platform legitimacy, and image manipulation for multi-layered social engineering. Recommendations include phishing-resistant MFA (FIDO2/WebAuthn), time-of-click URL inspection, VEC-aware security training, and restricting AI platform sharing features.

6m read time. From trendmicro.com