A new long-running phishing campaign, allegedly originating from Vietnam and active since 2018, is targeting professionals on LinkedIn with the final objective to compromise their corporate Facebook accounts.
The campaign, dubbed “Ducktail,” has exclusively financial motivations, aiming to not only steal business-specific details from the compromised corporate Facebook accounts (which, by the way, are exfiltrated via Telegram bots), but also to leverage the privileges to hijack the payments, replacing the financial details, or even to run their own Facebook Ad campaigns with money from the victimized firms.
Unsurprisingly, this campaign exploits the cloud in multiple familiar ways throughout its attack chain. This is not only