Stolen Amazon SES token used in Office 365 phishing


Level 37
Thread author
Top poster
Feb 4, 2016
Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users.

Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.
Kaspersky security experts linked the phishing attempts to multiple cybercriminals who used two phishing kits in this campaign, one known as Iamtheboss and another named MIRCBOOT.

No servers compromised

"This access token was issued to a third party contractor during the testing of the website," Kaspersky explained in an advisory issued today, the first of its kind issued by the Russian cybersecurity firm in the last six years.

"The site is also hosted in Amazon infrastructure. Upon discovery of these phishing attacks, the SES token was immediately revoked.
Last edited by a moderator: