Researchers at Proofpoint have published their analysis of an ongoing observed phishing campaign targeting specific individuals, using DocuSign-themed lures and leveraging a public cloud storage service to host landing pages. The targeted users are from a variety of companies, but there appears to be no industry-specific targeting.
The listed domains presently have TLS certificates from “Let’s Encrypt” and all appear to have been registered by “[email protected]”.
Indicators of Compromise
UK based technology professional, with an interest in computer security and telecoms.