Increase in Email Bombing and IT Impersonation Campaigns
WHITE Threat PetrP.73 2026-05-08 Modified: 2026-05-08
MEDIUM VOLUME
Since early 2026, Microsoft Teams-based phishing attacks have surged, primarily involving threat actors impersonating IT Support and Helpdesk teams to deceive users into granting remote access to their devices. These attacks often commence with email bombing, followed by direct interaction with users under the pretense of providing assistance. The overarching goal is to gain remote access, enabling attackers to exfiltrate sensitive data and deploy further malware, including ransomware, to maintain persistence within the compromised systems.
Indicators of Compromise (16)