--- title: "Malign AI Chatbots, Teams Targeted: Russian Threats, Facebook’s Zero-day Threat – Cybersecurity News [July 31, 2023] | Phish Protection" description: "emailsecurity · [AI Chatbots, Russian Threats, Facebook" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-31-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-31-of-2023/" --- Quick Answer emailsecurity · \[AI Chatbots, Russian Threats, Facebook's Zero-day, Cybersecurity News \[July 31, 2023\]\](https://soundcloud.com/phishprotection/ai-chatbots-russian-threats-facebooks-zero-day-cybersecurity-news-july-31-2023) Here's a close look at the latest phishing news covering significant attacks on Facebook, Google, and Microsoft. Security experts are warning about a concerning rise in phishing attacks that exploit Google AMP (Accelerated Mobile Pages) to bypass email security measures, making their way into enterprise employees' inboxes. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-31-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Malign%20AI%20Chatbots%2C%20Teams%20Targeted%3A%20Russian%20Threats%2C%20Facebook%26%238217%3Bs%20Zero-day%20Threat%20%26%238211%3B%20Cybersecurity%20News%20%5BJuly%2031%2C%202023%5D&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-31-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-31-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-31-of-2023%2F&title=Malign%20AI%20Chatbots%2C%20Teams%20Targeted%3A%20Russian%20Threats%2C%20Facebook%26%238217%3Bs%20Zero-day%20Threat%20%26%238211%3B%20Cybersecurity%20News%20%5BJuly%2031%2C%202023%5D "Share on Reddit") [ ](mailto:?subject=Malign%20AI%20Chatbots%2C%20Teams%20Targeted%3A%20Russian%20Threats%2C%20Facebook%26%238217%3Bs%20Zero-day%20Threat%20%26%238211%3B%20Cybersecurity%20News%20%5BJuly%2031%2C%202023%5D&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-31-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/08/what-is-phishing-3.jpg) [emailsecurity](https://soundcloud.com/phishprotection) · [AI Chatbots, Russian Threats, Facebook’s Zero-day, Cybersecurity News \[July 31, 2023\]](https://soundcloud.com/phishprotection/ai-chatbots-russian-threats-facebooks-zero-day-cybersecurity-news-july-31-2023) Here’s a close look at the latest phishing news covering **significant attacks** on Facebook, Google, and Microsoft. ### Google AMP Exploited by Threat Actors in Sophisticated Phishing Attacks Security experts are[warning](https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/)about a concerning rise in phishing attacks that exploit **Google AMP (Accelerated Mobile Pages)** to bypass [email security](/resources/practices-for-email-security-learning-implementing-protecting) measures, making their way into enterprise employees’ inboxes. [Google AMP](https://support.google.com/google-ads/answer/7384020?hl=en#:~:text=Accelerated%20Mobile%20Pages%20%28AMP%29%20is,versions%20of%20your%20landing%20pages.) is a collaborative HTML (Hyper Text Markup Language) framework that enhances the loading speed of web content on mobile devices. These AMP pages are **hosted on Google’s servers**, simplifying content and pre-loading heavier media elements for faster delivery. The tactic behind incorporating Google AMP URLs (Uniform Resource Locators) into phishing emails is to avoid detection by [email protection](/products/email-fraud-protection) technologies, leveraging Google’s reputable image. Upon clicking the AMP URLs, victims are redirected to malicious **phishing sites**, adding a layer to thwart analysis efforts. _To enhance stealth and success rates, phishing actors employ various evasive methods._ A multi-faceted approach from malicious actors makes it increasingly challenging for targets and security tools to identify and block phishing threats effectively. Therefore, users and organizations must **be aware and cautious** to safeguard against evasive phishing attacks. ### Microsoft Teams Phishing Attacks: Government Organizations Under Fire by Russian Threat Actors > “Microsoft’s built-in phishing protection in Office 365 catches the obvious attacks, but it consistently misses targeted spear phishing and zero-day threats. We see this every day - customers come to us after an incident that Microsoft Defender didn’t catch. Adding a dedicated anti-phishing layer takes five minutes and closes that gap.” - **Adam Lundrigan**, CTO, DuoCircle Microsoft has reported that a malicious group known as **APT29**, which is linked to Russia’s Foreign Intelligence Service (SVR), has launched targeted phishing attacks on numerous organizations worldwide, including government agencies, using the [Microsoft Teams](https://www.hackread.com/microsoft-teams-flaw-malware-employees-inbox/) platform. According to Microsoft’s[findings](https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/), nearly 40 organizations have been affected by this campaign. The attackers, also known as **Midnight Blizzard**, appear to have specific espionage objectives, focusing on government agencies, NGOs (Non-Government Organizations), IT services, technology, discrete manufacturing, and media sectors. The threat actors use compromised [Microsoft 365](/phishing-awareness/microsoft-365s-new-phishing-simulation-to-check-organizations-email-security-posture) accounts to create domains with a **technical theme**. Using social engineering tactics, they sent tech support lures to deceive users and trick them into approving MFA (Multi-Factor Authentication) prompts, aiming to steal their credentials. The attackers use **legitimate onmicrosoft.com** subdomains for their messages to appear more trustworthy. ![What is phishing](https://media.mailhop.org/phishprotection/images/2023/08/what-is-phishing-3.jpg) Microsoft has taken measures to **block the use of these domains** in further attacks and is actively working to rectify the campaign’s impact. Organizations must be vigilant against such Microsoft Teams phishing attacks and be cautious when dealing with suspicious messages and files. It is imperative for them to implement necessary [phishing protection](/) solutions. ### Facebook Phishing Attack Leveraging Salesforce Zero-day Exploitation by Threat Actors Malicious actors employed a [previously unknown vulnerability](https://www.cpomagazine.com/cyber-security/moveit-transfer-zero-day-vulnerability-what-companies-need-to-know/) in Salesforce’s email services and **SMTP servers** to execute an intricate phishing campaign targeting high-value Facebook accounts . The attackers utilized a flaw named “**PhishForce**” to circumvent Salesforce’s sender verification measures and exploit certain peculiarities within **Facebook’s web games platform**, allowing them to send phishing emails on a massive scale. By leveraging a reputable [email gateway](https://www.bleepingcomputer.com/news/security/barracuda-warns-of-email-gateways-breached-via-zero-day-flaw/) like Salesforce, the attackers could evade secure email gateways and filtering protocols, ensuring their malicious emails reached the recipients’ inboxes. The objective of the **phishing kit** used in this Facebook phishing attack campaign was to steal account credentials, even including mechanisms to bypass 2FA . Guardio Labs[reported](https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa)their findings to Salesforce, leading to a resolution of the vulnerability. As phishing scam actors continually seek new opportunities to exploit legitimate service providers, users should remain vigilant, **scrutinizing incoming emails** for discrepancies and verifying claims before acting. ### Malicious Actors Utilize AI Chatbots for Advanced Phishing and Malware Campaigns ![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2023/08/phishing-attack-prevention-6323.jpg) Following the WormGPT incident involving a [malicious ChatGPT clone](https://decrypt.co/148963/wormgpt-chatgpt-phishing-attack-malicious-malware), a new hacking tool called **FraudGPT** emerged. Besides, another AI tool allegedly in development based on Google’s Bard experiment is also making news. Information on WormGPT and FraudGPT came to light through an individual with the nickname CanadianKingpin12, who seems deeply involved in providing chatbots trained for **malicious purposes** such as phishing, social engineering, exploiting vulnerabilities, and creating malware. FraudGPT came to be known on July 25 and is **being spread** on the dark web and malicious forums as a tool for threat actors. [Cybersecurity](/content/cybersecurity-in-a-nutshell) enterprise SlashNext’s investigation[revealed](https://slashnext.com/blog/ai-based-cybercrime-tools-wormgpt-and-fraudgpt-could-be-the-tip-of-the-iceberg/)that CanadianKingpin12 actively trains chatbots using dark web data or large language models meant for combating cybercrime. CanadianKingpin12 mentioned **developing DarkBART**, a vicious version of Google’s conversational AI and had access to another model named DarkBERT, trained on dark web data for cybersecurity purposes. Malicious use of DarkBERT can perform **advanced phishing scams**, launch social engineering attacks, exploit vulnerabilities, conduct malware attacks, and target [zero-day](/content/zero-day-protection/zero-day-attack-example) vulnerabilities. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Malign AI Chatbots, Teams Targeted: Russian Threats, Facebook’s Zero-day Threat – Cybersecurity News [July 31, 2023]","description":"emailsecurity · [AI Chatbots, Russian Threats, Facebook's Zero-day, Cybersecurity News [July 31, 2023]](https://soundcloud.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-31-of-2023/","datePublished":"2023-08-09T05:21:51.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-08-09T05:21:51.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-31-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":761,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/08/what-is-phishing-3.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Malign AI Chatbots, Teams Targeted: Russian Threats, Facebook’s Zero-day Threat – Cybersecurity News [July 31, 2023]","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-31-of-2023/"}]} ```