December 8, 2023

Threat actors are using Morse code – ‘the novel obfuscation technique’ for targeted phishing campaigns. This technique is known for the code language for Army and security services, by this technique, threat actors are able to hide the email attachment containing malicious URLs.

Hackers used the morse code in the phishing emails to bypass secure mail gateways and mail filters. Researchers discovered the strike on various samples of threat vector. Threat actors targeted the company by sending a malicious email posing to be an invoice for the company.

This mail looks like – “Revenue_payment_invoice February_Wednesday 02/03/2021” including the HTML attachment for the invoice as [company_name] _ invoice _ [number]._xlsx.html.

The attachment contains mapped letters and numbers then calling out to the decodeMorse() function into a hexadecimal string to decode a Morse code string. The JavaScript is inserted into the code holding assets to provide a fake file asking users for the password permitting threat actors to gain access.

Threat actors are tricking users by using the service to make the form look more convincing, in case the logo is not available then the logo of generic Office 365 is used. The other companies which have suffered due to this phishing attack are Dimensional, Metrohm, SBS, Nuovo IMAIE, ODDO BHF Asset Management, SGS, Dimensional, SBI (Mauritius) Ltd., Bridgestone, Cargeas, Equinti, Capital Four, and Dea Capital.

Morse code was invented by the American artist and inventor Samuel F.B. Morse during the 1830s for electrical telegraphy and further upgraded by American scientist and businessman Alfred Lewis Vail. It is a technique used in telecommunication to encode text characters by an arrangement of dots, dashes, and spaces.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.