Microsoft warns that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats.
HTML smuggling lets an attacker “smuggle” an encoded malicious script within a specially crafted HTML attachment or web page. When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the host device. Thus, instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind a firewall.
The emails employed in the campaign attributed to DEV-0193 used a specially crafted HTML page as an attachment.
Organizations need a true “defense in depth” strategy and a multi-layered security solution that inspects email delivery, network activity, endpoint behavior, and follow-on attacker activities.
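One check the email delivery layer can run on HTML attachments, as an added example that is not from Microsoft or the original article: it flags a page whose inline script holds a large encoded string together with code that decodes it and saves it locally. The indicator patterns, the 400-character threshold, the function and class names, and both sample pages are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# Indicator groups and the length threshold are assumptions for this example,
# not a vendor rule set.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|String\.fromCharCode"),
    "blob": re.compile(r"new\s+Blob\s*\("),
    "save": re.compile(r"createObjectURL|msSaveOrOpenBlob|\.download\s*="),
}
LONG_ENCODED = re.compile(r"[A-Za-z0-9+/]{400,}={0,2}")


class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies only, so data: URIs in attributes are ignored."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)


def inspect_attachment(html):
    """Flag HTML whose script has a large encoded string plus code to rebuild and save it."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    js = "\n".join(parser.scripts)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(js))
    largest = max((len(m) for m in LONG_ENCODED.findall(js)), default=0)
    # Require the encoded string AND at least two indicator groups to limit false positives.
    return {"indicators": hits, "largest_encoded": largest,
            "suspicious": largest > 0 and len(hits) >= 2}


# Constructed samples: the encoded string is 600 filler bytes, not a real payload.
FILLER = base64.b64encode(b"A" * 600).decode()
FLAGGED_SAMPLE = ("<html><body><script>var d = atob('" + FILLER + "');"
                  "var b = new Blob([d]); var a = document.createElement('a');"
                  "a.href = URL.createObjectURL(b); a.download = 'invoice.zip';</script></body></html>")
CLEAN_SAMPLE = ("<html><body><img src='data:image/png;base64," + FILLER + "'>"
                "<script>document.title = 'Newsletter';</script></body></html>")
```

A static heuristic like this is one layer only; obfuscated scripts can evade pattern matching, which is why the endpoint and network layers named above still matter.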