Phishing, Email security

Phishing attack launched against Any.Run

Share
A computer screen displays a digital alert of an email phishing threat, accompanied by a striking red warning sign.

Malware sandbox service Any.Run had its employees subjected to a phishing attack suspected to be part of a business email compromise campaign, SecurityWeek reports.

While the intrusion was only discovered last week after the delivery of a phishing email from a sales team employee, an investigation into the matter showed that Any.Run has been under attack since late May after the said employee clicked a link on a client email that redirected to a Microsoft phishing website, which sought the employee's credentials and multi-factor authentication code. Aside from including their device for MFA, attackers also deployed a data exfiltration app before proceeding with sending the phishing emails using the compromised employee's account, access to which was immediately revoked by Any.Run. Despite the breach, Any.Run emphasized that no production environment or code base has been impacted by the incident as it ensured the implementation of additional safeguards to its systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.