A recent phishing campaign targeted a Darktrace customer by utilizing a legitimate Dropbox email address to distribute malware [1].


The attackers sent emails with links to PDF files hosted on Dropbox [1], leading recipients to a fake Microsoft 365 login page to steal credentials [1]. Despite successfully bypassing multifactor authentication (MFA) using valid tokens [1], the organization’s security team was able to detect the suspicious activity. The threat actors employed VPN services to conceal their locations and implemented email rules to avoid detection [1]. This incident underscores the trend of attackers exploiting popular services like Dropbox to conduct phishing attacks, showcasing their ability to evade standard security measures such as email detection tools and MFA. The attackers used legitimate Dropbox infrastructure to steal credentials and bypass multi-factor authentication (MFA) [2], as revealed by Darktrace [2]. This novel approach allowed the attackers to successfully evade MFA protections and gain unauthorized access to sensitive information [2].


This incident highlights the importance of robust security measures and continuous monitoring to detect and prevent phishing attacks. Organizations should remain vigilant and implement additional layers of security to protect against sophisticated threats like the one described. As attackers continue to evolve their tactics, it is crucial for businesses to stay ahead of the curve and adapt their security strategies accordingly.


[1] https://ciso2ciso.com/dropbox-used-to-steal-credentials-and-bypass-mfa-in-novel-phishing-campaign-source-www-infosecurity-magazine-com/
[2] https://www.itsecuritynews.info/dropbox-used-to-steal-credentials-and-bypass-mfa-in-novel-phishing-campaign/