Threat actors leverage document publishing sites for ongoing credential and session token theft

• Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements.
• Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or …

attack cisco cisco talos cisco talos incident response credential credential theft digital document hosting incident incident response intelligence phishing phishing attack publishing response session talos talos incident response theft threat threat actors threat intelligence token token theft