Full Report
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD
Analysis Summary
# Tool/Technique: Telephone-Oriented Attack Delivery (TOAD)/(Callback Phishing)
## Overview
TOAD, or Callback Phishing, is a social engineering technique where threat actors leverage phishing emails, often containing PDF attachments, to trick victims into calling an adversary-controlled phone number. During the call, the attacker impersonates a legitimate representative to manipulate the victim into disclosing sensitive information or, more commonly, installing malware.
## Technical Details
- Type: Technique
- Platform: Primarily targets endpoints (Windows, Android mentioned) susceptible to malware installation or remote access.
- Capabilities: Exploits social engineering principles (urgency, trust in brands/support) via high-touch voice interaction to bypass standard email security controls.
- First Seen: Information not provided, but the FBI issued warnings in May 2025 regarding specific use by Luna Moth.
## MITRE ATT&CK Mapping
*Note: Since TOAD is a delivery/social engineering methodology rather than a specific piece of malware or tool, the mappings focus on the resulting initial access and execution methods.*
- **TA0001 - Initial Access**
- T1566 - Phishing
- T1566.001 - Spearphishing Attachment (Used via PDF payload)
- **TA0002 - Execution**
- T1204 - User Execution
- T1204.002 - Malicious File (If the victim downloads/opens a file provided by the attacker during the call)
## Functionality
### Core Capabilities
- **Brand Impersonation:** Uses recognized brands (Microsoft, Docusign, PayPal, NortonLifeLock, Geek Squad) within the initial email/PDF to establish initial trust.
- **QR Code Delivery:** PDF payloads often contain malicious QR codes pointing to fake login or phishing pages.
- **Voice Manipulation:** Attackers use voice communication to exploit trust, employing scripted tactics, hold music, and spoofed caller IDs to mimic legitimate support workflows.
### Advanced Features
- **Persistence Gain:** Attackers often coerce victims into installing banking trojans on Android or Remote Access Programs (e.g., AnyDesk, TeamViewer) on victim machines for persistent access.
- **Multi-Stage Attacks:** Attackers can reuse VoIP numbers for extended periods (up to four consecutive days) to facilitate complex, multi-stage social engineering operations.
- **Information Harvesting:** Beyond malware installation, attackers may route victims to fake payment portals to harvest credit card information.
## Indicators of Compromise
- File Hashes: N/A (Focus is on technique).
- File Names: Malicious PDF attachments related to support, transactions, or notifications from impersonated brands.
- Registry Keys: N/A.
- Network Indicators: Unknown/dynamic VoIP numbers used for callbacks. C2 infrastructure tied to installed malware (e.g., banking trojans, RATs).
- Behavioral Indicators: Victim initiates an outbound call to a suspicious, unprompted number found within an email attachment or body; subsequent installation of remote access software.
## Associated Threat Actors
- Luna Moth (Financially motivated group targeting networks by posing as IT personnel).
- Unspecified threat actors using this method to install banking trojans and RATs.
## Detection Methods
- Signature-based detection: Not effective against the voice interaction, but can flag known malicious URLs embedded in PDFs or associated RAT installers.
- Behavioral detection: Monitoring for sudden, unsolicited outbound calls initiated by an employee after interacting with an email attachment, especially if followed by remote access software installation attempts.
- YARA rules: Can be developed to locate specific PDF structures commonly used in these campaigns (e.g., embedded QR codes or sticky note annotations containing URLs).
## Mitigation Strategies
- **User Training:** Emphasize extreme caution regarding unsolicited calls prompted by emails, especially those involving digital documents or urgent financial/security matters. Reinforce procedures for verifying support contacts independently.
- **Technical Controls:** Implement domain monitoring and brand protection services to flag lookalike domains used in phishing. Implement controls to monitor and restrict the installation of remote access applications (via application whitelisting).
- **Email Security:** Enhance email filters to inspect PDF attachments for embedded links/QR codes, although the core vulnerability here is the *call*, not the attachment opening itself.
## Related Tools/Techniques
- Vishing (Voice Phishing)
- Tech Support Scams
- Business Email Compromise (BEC) (Shares similar goals in deception but uses a different initial delivery vector).
***
# Tool/Technique: Microsoft 365 Direct Send Spoofing
## Overview
A novel phishing technique exploiting the legitimate Microsoft 365 (M365) "Direct Send" feature to spoof internal users and deliver phishing emails without having to compromise an actual user account. This method sends emails that appear to originate from within the victim organization and bypass standard authentication checks.
## Technical Details
- Type: Technique
- Platform: Microsoft 365 / Exchange Online environments.
- Capabilities: Bypasses external email scrutiny by leveraging M365's legitimate functionality designed for multifunction devices/applications (Smart Hosts). Emails appear internal.
- First Seen: Since May 2025.
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- T1566 - Phishing
- T1566.002 - Spearphishing Link (Often used in conjunction with the delivery email)
- **TA0001 - Initial Access**
- T1566 - Phishing
- T1566.004 - Spearphishing via Service (Exploiting a cloud service's mailing function)
## Functionality
### Core Capabilities
- **Internal Appearance:** Emails appear to originate from an internal user, leading to less scrutiny from security gateways configured to trust internal traffic.
- **No Authentication Required:** Exploits the *smart host addresses* (which follow the pattern ".mail.protection.outlook.com") to send emails without authenticating against the organization's tenant.
- **Payload Delivery:** Used to deliver phishing links (e.g., M365 credential harvesting pages) or PDFs containing QR codes.
### Advanced Features
- **Targeting Scale:** Observed targeting over 70 organizations as of May 2025.
- **Content Manipulation:** Used in campaigns that mimic voicemail notifications to drive users toward credential harvesting pages.
## Indicators of Compromise
- File Hashes: N/A.
- File Names: N/A.
- Registry Keys: N/A.
- Network Indicators: Emails originating from non-standard sending servers attempting to route through the legitimate M365 outbound relay structure without proper SMTP authentication credentials.
- Behavioral Indicators: Receiving emails that claim to be internal but lack standard internal delivery markings or headers, often using suspicious sender addresses that resolve improperly via SPF/DKIM checks set up for legitimate relay services.
## Associated Threat Actors
- Unspecified threat actors utilizing this vector since May 2025.
## Detection Methods
- Signature-based detection: Difficult, as the technique uses legitimate service paths.
- Behavioral detection: Monitoring M365 logs for high volumes of outbound mail originating via Direct Send or configured connectors that bypass standard user authentication checks, particularly if destined for external phishing links.
- YARA rules: N/A.
## Mitigation Strategies
- **M365 Configuration Hardening:** Review and restrict usage of M365 Direct Send functionality to only known, trusted devices/IP ranges.
- **Authentication Enforcement:** Ensure that all mail flowing through M365 enforces strong SPF/DKIM checks, even for traffic originating near the *protection.outlook.com* boundary, though Direct Send logic is specifically designed to circumvent some of these checks for authorized connectors.
- **User Awareness:** Train users to independently verify unexpected internal communications, especially those containing urgent links or attachments.
## Related Tools/Techniques
- Email Spoofing/Impersonation
- Direct Send (Legitimate M365 Feature being abused)
- BEC
***
# Tool/Technique: Malicious Search Engine Poisoning via Compromised Sites (Hacklink)
## Overview
A method where cybercriminals inject malicious JavaScript or HTML into compromised, reputed websites (e.g., .gov or .edu domains) to manipulate search engine algorithms. This practice, sometimes facilitated by illicit marketplaces like Hacklink, aims to ensure phishing or illicit sites rank highly when users search for relevant keywords.
## Technical Details
- Type: Technique
- Platform: Web servers hosting legitimate, high-authority domains.
- Capabilities: Manipulates Search Engine Results Pages (SERPs) to prioritize attacker-controlled content over legitimate results.
- First Seen: Context suggests recent activity preceding the article's reporting date.
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- T1566 - Phishing
- T1566.005 - Spearphishing Via Social Media (Affects links users find through searching)
- **TA0103 - Impact**
- T1587 - Develop Capabilities
## Functionality
### Core Capabilities
- **Code Injection:** Injecting malicious code (JavaScript/HTML) into the source code of high-authority, compromised sites.
- **Keyword Association:** The injected content is associated with specific keywords, triggering the desired SERP placement.
- **Search Result Manipulation:** Attackers can alter the description text displayed in search results without gaining full control of the website itself.
### Advanced Features
- **Illicit Marketplace:** Services like Hacklink facilitate the purchase of access to compromised websites for injection purposes.
- **High Trust Indexing:** By leveraging the authority of .gov or .edu domains, the malicious results gain enhanced credibility and search ranking.
## Indicators of Compromise
- File Hashes: N/A.
- File Names: N/A.
- Registry Keys: N/A.
- Network Indicators: Outbound links from compromised legitimate sites pointing to phishing domains.
- Behavioral Indicators: Search results for common/trusted terms leading unexpectedly to known phishing pages or illicit marketplaces.
## Associated Threat Actors
- Users of the "Hacklink" service/marketplace.
- Actors leveraging compromised sites to advertise malicious content.
## Detection Methods
- Signature-based detection: Difficult, but Web Application Firewalls (WAFs) might detect unauthorized code injection on legitimate sites.
- Behavioral detection: Monitoring deviations in search engine rankings for trusted keywords or unusual outbound links from high-authority sites to suspicious destinations.
- YARA rules: N/A.
## Mitigation Strategies
- **Website Security:** Regular security audits and strong Content Security Policies (CSP) on high-authority domains to prevent unauthorized script injection.
- **User Vigilance:** Users must verify search result URLs, even when results appear highly ranked or authoritative.
- **Search Engine Trust Models:** Relying less on pure domain authority for security decisions.
## Related Tools/Techniques
- SEO Manipulation
- Compromise of Content Management Systems (CMS)
***
# Tool/Technique: AI-Powered Phishing Content Generation & Code Poisoning
## Overview
Threat actors are leveraging Artificial Intelligence (AI) tools (including Large Language Models or LLMs) to generate phishing pages and promotional content at scale. Furthermore, they are poisoning AI coding assistants and development platforms (like GitHub or Cursor) by seeding malicious code disguised as utility projects.
## Technical Details
- Type: Technique/Evolving Threat
- Platform: LLM interfaces, GitHub, Solana Blockchain ecosystem (mentioned in context).
- Capabilities: Automated phishing page creation; corrupting LLM training data or developer tool inputs to facilitate financial theft or compromise.
- First Seen: Mentioned in context of recent developments (May/July 2025).
## MITRE ATT&CK Mapping
- **TA0002 - Execution**
- T1059 - Command and Scripting Interpreter
- **TA0007 - Discovery**
- T1083 - File and Directory Discovery (Relevant if used to probe environments)
- **TA0011 - Persistence**
- T1593 - Compromise Software Supply
## Functionality
### Core Capabilities
- **Automated Page Building:** Using AI tools to rapidly create convincing phishing landing pages.
- **Social Proof Creation:** Generating synthetic supporting materials (blog tutorials, forum Q&A, highly detailed fake GitHub accounts/repos) to make malicious code projects appear credible and indexable by AI training pipelines.
- **LLM Query Manipulation:** Attempting to "game" an LLM's response by surfacing malicious URLs as answers to user queries.
### Advanced Features
- **Targeted Code Poisoning:** Example involves publishing "Moonshot-Volume-Bot" projects on GitHub with rich, credible-looking fake developer profiles specifically designed to be ingested by AI training data, redirecting Solana transactions to attacker wallets.
## Indicators of Compromise
- File Hashes: SHA-256 hash of malicious libraries/APIs found in GitHub repositories intended to poison developer code bases.
- File Names: Projects like "Moonshot-Volume-Bot." Fake API/library imports.
- Registry Keys: N/A.
- Network Indicators: Malicious URLs surfaced as responses from LLMs interacting with the threat actor's seeded content.
- Behavioral Indicators: Developer tooling integrating external code/APIs that execute unauthorized blockchain transactions upon compilation or runtime.
## Associated Threat Actors
- Threat actors utilizing AI tools to scale social engineering and compromise supply chain integrity.
## Detection Methods
- Signature-based detection: Signature-based detection is ineffective against dynamically generated or narrative-based phishing efforts.
- Behavioral detection: Monitoring developer environments for the introduction of newly imported, complex external dependencies relating to cryptocurrency functions, especially if sourced from newly created or low-reputation GitHub accounts.
- YARA rules: Could potentially be used to identify known patterns or metadata associated with the specifically seeded poisoned code.
## Mitigation Strategies
- **Strict Code Review:** Any code integrated from external sources, especially open-source repositories, must undergo rigorous testing and verification.
- **AI Tool Usage Policy:** Establish clear policies on interacting with LLMs regarding sensitive data or incorporating AI-generated code snippets directly, without human vetting.
- **Supply Chain Security:** Employ software composition analysis (SCA) tools to audit dependencies for malicious behavior, even in small injected components.
## Related Tools/Techniques
- AI-Powered Phishing Kits
- Software Supply Chain Attacks
- QR Code Phishing (Contextually related as an initial vector)