PerSwaysion is a series of sophisticated successful phishing attacks, discovered and analyzed by Group-IB. The attacks were carried out against the management and executives of 156 companies in the US, Canada, Germany, the UK, Netherlands, Hong Kong, Singapore, and in other countries. The campaign received its name due to the extensive abuse of Microsoft Sway. It has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators.
The cybercriminals gained access to many confidential corporate Office365 emails of mainly financial services companies, law firms, and real estate groups. The PerSwaysion campaign proliferates with alarming rates by leveraging compromised accounts’ email data to select further targets who hold important roles and share business relation with the victims.
The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post.