5 matches found
Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx
A new approach to Browser In The Browser BITB without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I...
Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks
A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group TAG is tracking the cluster under the name ARCHIPELAGO, which it...
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” BitB credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...
Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks
A Belarusian threat actor known as Ghostwriter aka UNC1151 has been spotted leveraging the recently disclosed browser-in-the-browser BitB technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain ...
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
A novel phishing technique called browser-in-the-browser BitB attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, wh...