Noted an increase this week in phishing originating from Comcast.
This is a well-known actor we are tracking; it seems they have found a new
vector to use.
It's from the:
resomta-a2p-647652.sys.comcast.net (example)
.. residential mail cluster.
Brief Information:
Targeting ISPs in North America with a sophisticated phishing campaign.
.. by resomta-a2p-647652.sys.comcast.net with ESMTPS
Note, these are NOT ESMTPSA (authenticated connections)
Using IPv6 addresses..
e.g.
X-Originating-IP: 2605:6440:3008:3000:eb78:2ddc:9a30:e828

NetRange:       2605:6440:: - 2605:644F:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR:           2605:6440::/28
NetName:        MAXIHOST-LLC-V6
NetHandle:      NET6-2605-6440-1
Parent:         NET6-2600 (NET6-2600-1)
NetType:        Direct Allocation
OriginAS:
Organization:   Latitude.sh (ML-1213)
RegDate:        2019-09-09
Updated:        2022-08-30
Ref:            https://rdap.arin.net/registry/ip/2605:6440::

OrgName:        Latitude.sh
OrgId:          ML-1213
Address:        3 Germay Dr Unit 4 #4438
City:           Wilmington
StateProv:      DE
PostalCode:     19804
Country:        US

Could someone contact me off list to chat about this actor?
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
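
Added example, not part of the original post: a header check that flags a message when it was accepted by a resomta-*.sys.comcast.net relay without SMTP AUTH (ESMTPS rather than ESMTPSA) and carries an X-Originating-IP inside 2605:6440::/28. The relay name pattern is an assumption generalized from the single example host in the post, and both sample messages are constructed.

```python
import ipaddress
import re
from email import message_from_string

SUSPECT_NET = ipaddress.ip_network("2605:6440::/28")   # CIDR from the post
# Assumption: relay names follow the single example host given in the post.
RELAY_RE = re.compile(r"\bby\s+(resomta-[\w-]+\.sys\.comcast\.net)\s+with\s+(\w+)", re.I)
AUTHENTICATED = {"ESMTPA", "ESMTPSA"}                   # RFC 3848 "with" keywords

def assess(raw_message):
    """Return what the headers show about relay, SMTP AUTH and origin IP."""
    msg = message_from_string(raw_message)
    out = {"relay": None, "protocol": None, "authenticated": False,
           "origin_in_net": False, "match": False}
    for received in msg.get_all("Received", []):
        hit = RELAY_RE.search(" ".join(received.split()))  # unfold the header
        if hit:
            out["relay"] = hit.group(1).lower()
            out["protocol"] = hit.group(2).upper()
            out["authenticated"] = out["protocol"] in AUTHENTICATED
            break
    for value in msg.get_all("X-Originating-IP", []):
        try:
            addr = ipaddress.ip_address(value.strip().strip("[]"))
        except ValueError:
            continue  # malformed header value: skip it instead of failing
        if addr in SUSPECT_NET:
            out["origin_in_net"] = True
    out["match"] = bool(out["relay"]) and not out["authenticated"] and out["origin_in_net"]
    return out

# Constructed sample headers (not real messages); only the relay host name, the
# ESMTPS keyword and the X-Originating-IP of the first sample come from the post.
SAMPLE_SUSPECT = (
    "Received: from example.invalid\n"
    "\tby resomta-a2p-647652.sys.comcast.net with ESMTPS id CONSTRUCTED1;\n"
    "\tMon, 01 Jan 2024 00:00:00 +0000\n"
    "X-Originating-IP: [2605:6440:3008:3000:eb78:2ddc:9a30:e828]\n\nbody\n"
)
SAMPLE_OTHER = (
    "Received: from example.invalid\n"
    "\tby resomta-a2p-647652.sys.comcast.net with ESMTPSA id CONSTRUCTED2;\n"
    "\tMon, 01 Jan 2024 00:00:00 +0000\n"
    "X-Originating-IP: 2001:db8::25\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SAMPLE_SUSPECT), ("other", SAMPLE_OTHER)):
        print(name, assess(raw))
```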