A zero-day credential phishing attack impersonating the U.S. Supreme Court and leveraging the legitimacy of CAPTCHA was recently stopped dead in its tracks.

By using machine learning algorithms, Armorblox foiled the attack aimed at C-suite executives, according to a blog post by company co-founder and architect Chetan Anand.

The attackers were mainly trying to use the fraudulent emails to steal credentials so they could launch other, more destructive attacks. Fortunately, in this case, Anand says the attackers were stopped, the bad emails were quarantined and no further damage took place. This attack in the United States has been tougher to detect than other such cases around the world because it avoids known malware and instead opts for a zero-day credential phishing page.

Users received an email with a subject header that read “This email is a writ issued by the Supreme Court, to compel you to attend the below hearing.”  

Recipients were meant to be intimidated by such an imposing request, says Anand. The attacker created a new domain for the link in the email, so it got past any Microsoft filters that were created to block known bad links. The final credential phishing page was painstakingly made by the attacker to resemble an Office 365 login page. In addition, the fraudster created a CAPTCHA page designed to convince the victim the site was secure. 

Anand says this most recent attack is a variant of last year’s subpoena-themed phishing attack that surfaced in the U.K., where attackers impersonated the U.K. Ministry of Justice. Last year’s attack infected target endpoints with publicly available information-stealing malware called Predator the Thief.