Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.
Malicious links direct the browser to automatically refresh or reload a web page immediately, without requiring user interaction.
Targets of the large-scale activity, observed between May and July 2024, include large corporations in South Korea, as well as government agencies and schools in the U.S.
The infection chains are characterized by the delivery of malicious links through header refresh URLs containing targeted recipients' email addresses.
[
Collection
]
[
|
...
]