PHISHING ALERT: The Rise of "Conversation Hijacking" in Business Inboxes 🚨 Think you can trust every email in a long-standing chain with a business partner? Think again. KnowBe4 ThreatLabs is tracking a major spike in Email Thread Hijacking—where attackers don't just spoof an email, they move into the "guest room" of your existing conversations. How the Infiltration Works: Unlike traditional phishing "cold calls," this is a "warm" intrusion. Attackers use compromised credentials to sit silently in an inbox, learning the context of ongoing projects before striking. The Hook: A legitimate-looking reply inside an actual, active email thread. The Payload: Malicious text links ("Review Payment"), fake SharePoint/OneDrive URLs, or Quishing (QR codes) disguised as "secure document" links. The Goal: Stealthy credential harvesting, financial fraud, and lateral movement to hijack even more threads. 🕵️ The "Conversation Hijacking" Scenario: Project Lead (A) and Vendor (B) are discussing an active contract. The Attacker (C) compromises the Project Lead’s account via a previous credential leak. The Attacker sends a "Follow-up" reply from the real account to the Vendor, inserting a malicious link for "updated project specs." The Vendor, seeing the correct history and sender, clicks without hesitation. Success for the attacker. 🛡️ IOCs TO MONITOR AND BLOCK: driokapo[.]biz[.]id hxxps://claudemarferreira[.]adv[.]br/jascintalukatelich/warnerconstruction[.]html tusted-pivot[.]us-ord-1[.]linodeobjects[.]com yuyaitrai[.]my ventraops[.]com hxxps://kitabistanmultan[.]com/hpmnvdsrf/! koceneaded[.]it[.]com troothasho[.]contractors tibeastou[.]courses zoucreatrio[.]courses hxxps[://]www[.]canva[.]com/design/DAHAjJR1s7s/uaErVUES7dm1lKRRaaMmXw/view shapame[.]com Kishoulethea[.]my[.]id emeraldconceptscoaching[.]org stefaiyilo[.]help chudriba[.]pro staipio[.]beauty Fastdeal[.]sa[.]com Email Subject Pattern: FW: RE: 45 Remittance Processing Update – [month year] – Reference # Fw: Company name Follow-up on Invoice # Re: [Ticket #: ID] [name] FW: Re: #[number]-#[number]-Settled_Pymnt_Memo_Approved [date] Re: Completed: Complete with DocuSign WG: Re: Follow-Up: Past Due Balance [date] #CyberSecurity #Phishing #ThreadHijacking #ThreatIntel #KnowBe4 #HumanRisk #BEC

‼ #ThreadHijacking: rilevate attività malevole tramite caselle #BEC compromesse 🔗 acn.gov.it/portale/w/thread-… ⚠ verificare i mittenti delle comunicazioni ricevute

Reverse Shell via Thread Hijacking New Module Insight Images -- malforge-group.in #cybersecurity #threadhijacking #hacking #offensive #reverseshell #malforge #newmodule #windowsinternal

New #Emotet #weaponized #Excel document just dropped. File is contained within a password protected zip file, while relevant e-mails use #Email #ThreadHijacking. File attempts to download and execute malicious Emotet executables from 4 URLS.

#TTPTuesday is here! This week we have an API unhooking technique via #PerunsFart and process injection via #ThreadHijacking. Click below and see if your current protections can identify or block these injection techniques. chains.prelude.org/chains/e4…

Our Threat Research team recently analyzed suspicious emails sent to the personal inbox of an Ars Technica journalist. Our findings uncovered the work of crime group TA578. #Bumblebee #ThreadHijacking #Malware #Ransomware #Cybercrime bit.ly/3oqlrM8

#Emotet fa uso del #threadhijacking per la sua tecnica di attacco, la #botnet utilizza poi questi contenuti email rubati per creare risposte false che impersonano i mittenti originali. #hacking #cybercrime #PaloAltoNetworks #sicurezzainformatica ictsecuritymagazine.com/noti…

I gave you 25 @wip accounts to give away (100 days for free). #marketing #threadhijacking #pyramidscheme

Cyber-Angriffe 2021: #ThreadHijacking, #Whaling und #Ransomware #itsecurity #cybercrime #CyberAttack @HP_Deutschland it-daily.net/it-sicherheit/c…

Different types of injection methods/detections explained - #CreateRemoteThread, #ProcessHollowing, #APC Injection, #ThreadHijacking dlvr.it/Rp9HPF #cyber #threathunting #infosec

Tu t'adresses à la mauvaise personne. #ThreadHijacking

Wurde andernorts schon reichlich erörtert. Was soll das Threadhijacking hier?

Guess what @maarteneekels just did at the @diwugnl #threadhijacking 😎

Thanks Mark! I really did learn a lot from all you guys! Currently BLACK BELT 1st dan in: ● #ThreadHijacking ✔️ ● #PalmReading 🤦🏻‍♂️ ● #ShitpostingBtcsRoadTo100k ✔️

my MISP event 5cb76f8e-cbe0-4a53-a853-0fedc0a80108 #threadhijacking

"Explorers" is a good one that captures a lot about the show. Sorry for hijacking the thread, as they say, or threadhijacking

How about mine? youtu.be/ViRfvVf2N-w #ThreadHijacking #ShamelessSelfPromotion #hashtag

Important message to our followers regarding #Trolls #Threadhijacking in our feed whenever we made a post relating to #Vault7 or #ItsTime ⤵