Coldriver: Who Is Behind the Largest Cyber Attack on Postal Services?

Microsoft has reported that the Coldriver cybercrime group continues to actively steal account credentials from organizations across various industries. The group, active since 2017, specializes in building phishing sites that imitate the login pages of postal services and other systems. Through these fake pages the attackers capture usernames and passwords, which they then use to gain access to personal and corporate data systems.

Microsoft has been monitoring the Coldriver group's activity and has observed the attackers using server-side scripts to prevent automated scanning of their infrastructure. Since April 2023 the group has also used hCaptcha to determine their targets and redirect browsing sessions accordingly, which has helped them evade detection and continue their malicious activity.

One tool the Coldriver group uses to bypass security measures, including two-factor authentication (2FA), is Evilginx. Evilginx intercepts the victim's session cookies, which the real service issues only after the login, 2FA included, has succeeded; by reusing those cookies the attackers can conduct targeted attacks on network users without ever needing the second factor, posing a significant threat to internet security.
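Because a stolen session cookie is replayed from the attacker's own client rather than the browser that completed 2FA, one defensive signal is a cookie whose source IP or user agent changes mid-session. The following is an added illustration of that heuristic, not code from Microsoft's report or from Evilginx; the newline-delimited JSON log format, field names and log lines are constructed for the example, and events are assumed to arrive in chronological order.

```python
import json

# Constructed sample authentication/web log (not real data): alice's cookie "s1"
# reappears from a different IP and browser shortly after her 2FA login,
# which is what a replayed cookie looks like from the service's side.
SAMPLE_LOG = """\
{"ts": "2023-04-10T09:00:01Z", "event": "login_mfa_ok", "user": "alice", "sid": "s1", "ip": "203.0.113.10", "ua": "Firefox/112"}
{"ts": "2023-04-10T09:00:30Z", "event": "request", "user": "alice", "sid": "s1", "ip": "203.0.113.10", "ua": "Firefox/112"}
{"ts": "2023-04-10T09:03:12Z", "event": "request", "user": "alice", "sid": "s1", "ip": "198.51.100.7", "ua": "Chrome/112"}
{"ts": "2023-04-10T09:05:00Z", "event": "login_mfa_ok", "user": "bob", "sid": "s2", "ip": "192.0.2.44", "ua": "Safari/16"}
{"ts": "2023-04-10T09:06:00Z", "event": "request", "user": "bob", "sid": "s2", "ip": "192.0.2.44", "ua": "Safari/16"}
"""


def parse_log(text):
    """Parse newline-delimited JSON events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def find_replayed_sessions(events):
    """Bind each session id to the (ip, ua) pair that completed 2FA, then flag
    any later request presenting the same cookie from a different pair.
    Returns a list of (user, sid, login_binding, observed_binding) tuples."""
    binding = {}  # sid -> (ip, ua) recorded at the login_mfa_ok event
    alerts = []
    for ev in events:
        sid = ev["sid"]
        client = (ev["ip"], ev["ua"])
        if ev["event"] == "login_mfa_ok":
            binding[sid] = client
        elif ev["event"] == "request" and sid in binding and binding[sid] != client:
            alerts.append((ev["user"], sid, binding[sid], client))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(parse_log(SAMPLE_LOG)):
        print("possible session replay:", alert)
```

An IP change alone is common for mobile users, so treat the user-agent change on the same cookie as the stronger signal and confirm with the login history. Binding tokens to the client (for example with device-bound sessions or a hardware-backed authenticator) removes the replay option rather than just detecting it.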
