Cybersecurity companies can be attacked in the same ways that they help their customers defend against. However, if a compromise of a security vendor is successful, it could have major effects on its customers that other hacks don't.

A recent phishing attack on a C-level executive at the security company Outpost24 is an example of attackers going after security vendors. The attack was designed to get around several layers of enterprise email security without setting off any alerts. Researchers at Outpost24's threat intelligence unit investigated it before it could do any damage. They found that the campaign traded on the good names of companies like Cisco and JP Morgan to build a complicated seven-step redirect chain that led to a page that tried to steal Microsoft Office credentials.

A 7-Step Chain of Cyberattacks

According to a recent blog post by Outpost24 subsidiary Specops Software, the phishing lure came in the form of a "very convincing" financial communication from JP Morgan that was sent to the targeted C-suite executive. "Using trusted domains, real services, and multiple layers of redirection shows a more planned effort to get around detection controls." The researcher says that using these methods together is a sign that phishing operations are becoming more resilient and hard to catch.

Mika Aalto, cofounder and CEO of Helsinki-based Hoxhunt, says that attackers like to target security companies like Outpost24 because they are deeply embedded in customer environments and their infrastructure is trusted by both users and systems. He says, "It's often easier to sneak into the castle through a neighbor's yard than to storm the front gate." Phishing is still one of the best ways to do that, and kits like Kratos are making it easier for attackers to launch complex credential-harvesting campaigns against important targets, even those that seem to have the best security and maturity.

The campaign that went after Outpost24 shows how attackers are laundering their phishing links and sending victims through layers of trusted services and compromised infrastructure, just like how money launderers layer transactions to hide dirty money.
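
Defenders can look for this laundering pattern in web-proxy logs by stitching redirects back into chains. The sketch below is an added example, not code from Outpost24 or Specops; the log format, host names, allow-list and hop threshold are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy records: (client, requested URL, HTTP status, Location header).
# Hosts use reserved .example/.test names; none of them come from the article.
SAMPLE_LOG = [
    ("10.0.0.5", "https://links.trusted-vendor.example/r?id=1", 302, "https://track.mailer.example/c/9"),
    ("10.0.0.5", "https://track.mailer.example/c/9", 302, "https://cdn.partner.example/go"),
    ("10.0.0.5", "https://cdn.partner.example/go", 301, "https://old-blog.test/wp/x.php"),
    ("10.0.0.5", "https://old-blog.test/wp/x.php", 302, "https://login-portal.test/office"),
    ("10.0.0.5", "https://login-portal.test/office", 200, None),
    ("10.0.0.8", "https://links.trusted-vendor.example/r?id=2", 302, "https://www.trusted-vendor.example/news"),
    ("10.0.0.8", "https://www.trusted-vendor.example/news", 200, None),
]
TRUSTED = {"trusted-vendor.example", "mailer.example", "partner.example"}  # assumed allow-list

def site(url):
    """Naive registrable domain: last two labels (a real tool would use the Public Suffix List)."""
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def build_chains(records):
    """Stitch 3xx records into per-client redirect chains, in log order."""
    chains, pending = [], {}
    for client, url, status, location in records:
        chain = pending.pop((client, url), None)  # continue a chain that redirected here
        if chain is None:
            chain = [url]
            chains.append(chain)
        if 300 <= status < 400 and location:
            chain.append(location)
            pending[(client, location)] = chain
    return chains

def assess(chain, min_hops=3):
    """Flag chains that start on a trusted site, hop repeatedly, and end on an untrusted one."""
    sites = [site(u) for u in chain]
    hops = len(chain) - 1
    laundered = sites[0] in TRUSTED and sites[-1] not in TRUSTED
    return {"start": sites[0], "final": sites[-1], "hops": hops,
            "distinct_sites": len(set(sites)),
            "suspicious": laundered and hops >= min_hops}

if __name__ == "__main__":
    for chain in build_chains(SAMPLE_LOG):
        print(assess(chain))
```

A check on the first URL alone would pass both sample chains, since each starts on an allow-listed site; only the reconstructed chain shows where the click actually lands.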