Cybercriminals are increasingly weaponizing trusted global brands to launch attacks that can bypass traditional security layers. In a recent case, Sweden-based cybersecurity firm Outpost24 was targeted in a highly sophisticated seven-stage phishing operation aimed at a top executive. The company’s threat intelligence team detected the campaign in time, preventing any potential damage.
Investigations revealed that attackers leveraged the credibility and infrastructure of widely trusted platforms such as Cisco, JP Morgan, and Microsoft to construct a multi-layered attack chain. The campaign is believed to have been executed using a phishing-as-a-service toolkit known as “Kratos.”
Attack Began With a Convincing Email, Used Legitimate Services at Every Step
The attack started with a highly convincing email disguised as an official communication from JP Morgan. It was presented as part of an ongoing email thread to avoid raising suspicion. The message contained a “Review Document” link designed to lure the target.
In the first stage, the link passed through Cisco’s secure web infrastructure, making it appear legitimate to email security systems. The user was then redirected via Nylas, a legitimate API service used for email automation and tracking.
In the next phase, the victim was shown a PDF document hosted on the compromised server of an Indian software company. A hidden link inside the PDF redirected the user to an expired domain that had been re-registered by the attackers.
In the final stage, the victim was sent to a malicious domain hosted behind Cloudflare, making it difficult to trace or block. This page contained the actual credential harvesting interface, prompting the user to enter Microsoft account details.
Designed Exclusively for Human Targets
One of the most alarming aspects of the attack was its use of anti-bot and human verification mechanisms. Automated security tools scanning the links would not detect any malicious activity. The phishing payload was only revealed when accessed by a real human user, making the attack significantly harder to detect.
Expert Warning: ‘Trust Is Becoming the Biggest Vulnerability’
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh warned that such attacks are increasingly exploiting human psychology.
“Cybercriminals are now leveraging social engineering to weaponize trust. When users see names like Cisco or JP Morgan, they tend to lower their guard. That trust is now the biggest vulnerability,” he said.
He further noted that phishing-as-a-service models have lowered the entry barrier for cybercrime.
“Today, even low-skilled attackers can purchase ready-made toolkits and launch sophisticated attacks. This makes user awareness just as critical as technological defenses.”
Attack ‘Laundered’ Through Trusted Services
Experts pointed out that the attackers effectively “laundered” their malicious links through multiple legitimate platforms, making them appear clean at each stage. This technique, often referred to as “link laundering,” helps bypass individual security checkpoints.
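To show why per-hop checks miss this pattern, the sketch below scores a recorded click path as a whole instead of one link at a time. It is an added illustration, not code from Outpost24 or from this article; the hop fields, thresholds, sign-in allowlist and all `.example` hosts are assumptions made for the example.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumption: hosts allowed to serve a brand's sign-in page (extend per organization).
BRAND_LOGIN_HOSTS = {"microsoft": {"login.microsoftonline.com", "login.live.com"}}
RECENT_DAYS = 30   # assumed threshold for a "recently (re-)registered" domain
MAX_HOSTS = 3      # assumed limit on distinct hosts between click and landing page

def host(url):
    return (urlsplit(url).hostname or "").lower()

def assess_chain(hops, today):
    """Score one recorded click path as a whole. Each hop is a dict with 'url' and
    optional 'registered' (date), 'content_type', 'login_brand' (brand the page imitates)."""
    findings = []
    hosts = [host(h["url"]) for h in hops]
    distinct = len(set(hosts))
    if distinct > MAX_HOSTS:
        findings.append(f"chain crosses {distinct} distinct hosts")
    for i, hop in enumerate(hops):
        if hop.get("content_type") == "application/pdf" and i + 1 < len(hops):
            findings.append(f"hop {i}: PDF links onward to {hosts[i + 1]}")
        reg = hop.get("registered")
        if reg and (today - reg).days <= RECENT_DAYS:
            findings.append(f"hop {i}: {hosts[i]} registered {(today - reg).days} days ago")
    brand = hops[-1].get("login_brand")
    if brand and hosts[-1] not in BRAND_LOGIN_HOSTS.get(brand, set()):
        findings.append(f"final page asks for {brand} credentials on {hosts[-1]}")
    return findings

# Constructed sample shaped like the chain in the article; every host is a placeholder.
TODAY = date(2026, 1, 15)
CHAIN = [
    {"url": "https://rewriter.example/u?x=1"},                  # security vendor URL rewriter
    {"url": "https://tracking.example/t/abc"},                  # email tracking API
    {"url": "https://files.example/doc.pdf", "content_type": "application/pdf"},
    {"url": "https://expired.example/go", "registered": date(2026, 1, 10)},
    {"url": "https://portal.example/signin", "login_brand": "microsoft"},
]

if __name__ == "__main__":
    print("first hop only:", assess_chain(CHAIN[:1], TODAY))   # what a single checkpoint sees
    for finding in assess_chain(CHAIN, TODAY):
        print("-", finding)
```

Because the payload was shown only to human visitors, hop records like these would have to come from proxy or browser telemetry of the real click rather than from an automated link scan.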
Potential Impact Could Have Been Widespread
Cybersecurity firms like Outpost24 are deeply integrated into multiple client environments. If the attack had succeeded, compromising a single executive account could have opened pathways into several other organizations’ systems and sensitive data.
Defensive Measures: Beyond Traditional Security
Experts emphasize that traditional email filters and antivirus tools are no longer sufficient against such advanced threats. Organizations are advised to adopt a zero-trust security model, enforce multi-factor authentication, and conduct regular cybersecurity awareness training for employees.
Additionally, users should verify the authenticity of email links before clicking, avoid downloading unknown attachments, and report suspicious activity immediately to minimize risk.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.