The State Service of Special Communication and Information Security, through the National Cybersecurity Center (NCSC) under the Ministry of Digital Development and Transport of Azerbaijan, has identified a new, sophisticated phishing campaign targeting local organizations.
According to the "Operative Information Center-OMM", citing the NCSC, cybercriminals are leveraging compromised official email accounts from various local entities to distribute malicious content. By utilizing trusted email addresses, attackers send messages with subjects such as "Shared a File" or "New secure message from," directing users to fraudulent document portals.
The NCSC reports that the links within these emails bypass standard security filters by hosting content on the legitimate freshdesk.com platform. Once a user clicks the link, they are redirected to a deceptive Microsoft login page hosted at iphro.nobeienergy[.]com. This page is designed to mimic the authentic interface, capturing usernames, passwords, and multi-factor authentication (MFA/2FA) codes in real-time. By stealing session cookies, attackers can bypass two-factor authentication and gain unauthorized access to user accounts.
Cybersecurity experts emphasize that phishing remains a primary vector for data breaches in Azerbaijan and globally. Organizations are increasingly targeted by social engineering tactics that exploit human trust in familiar communication channels.
The NCSC advises users to exercise extreme caution with unexpected emails regarding "shared documents" or "secure messages." Users should verify the authenticity of such requests through alternative communication channels, ensure that the browser address bar displays only the official "login.microsoftonline.com" domain, and refrain from entering credentials on suspicious pages.
In case of encountering suspicious activity, citizens and organizations are urged to contact the National Cybersecurity Center via email at [email protected] or by calling the "1654" hotline.
