Kaspersky recently confirmed that a legitimate Amazon Simple Email Service (SES) token, issued to a third-party vendor, was recently used by threat actors to target Office 365 users in a phishing attack.
The attackers used two phishing kits, including “Iamtheboss” and “MIRCBOOT.”
Although the attackers used an official Kaspersky email and sent the emails from the Amazon Web Services infrastructure, which provided them with the support they needed to reach their target mailboxes without being flagged, Kaspersky noted that “No server compromise, unauthorized database access or any other malicious activity was found at 2050.earth and associated services,”
The SES token was revoked immediately after the phishing attacks were discovered.
Going forward, Kaspersky urged users and phishing attackers to remain vigilant and not disclose their information or login credentials even if the message comes from a familiar or well-known brand.