Figure 8: Threat actor starts to rely on automated workflows
The threat actor also appeared to be interested in other AI tools to help with data generation and writing. We saw multiple Google searches for “free ai no signup” and for “csv generator ai.” We also saw the threat actor using Toolbaz AI, which is a writing assistant; the CSV spreadsheet generator feature of DocsBot AI, which is an AI chatbot tool; and the AI data generator feature of Explo AI, which is an embedded analytics tool.
Finding running instances of Evilginx
We saw evidence of the threat actor searching for running instances of the Evilginx man-in-the-middle attack framework using Censys, and then attempting to access those instances.
Figure 9: Using Censys to search for running instances of Evilginx Figure 9: Using Censys to search for running instances of Evilginx
... continue reading