Nylas, Outpost24, Cisco and JP Morgan: Security Firm Executive Targeted in Sophisticated Phishing Attack

Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit

A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified Kratos phishing-as-a-service (PhaaS) kit. The attack, analyzed by Outpost24’s subsidiary Specops Software, employed a seven-step chain of redirects through trusted services to evade detection and trick the victim.

The phishing email, disguised as a legitimate message from JP Morgan, appeared as part of an existing email thread to enhance credibility. It included two DKIM signatures to bypass DMARC authentication, making it appear trustworthy. The malicious link initially pointed to Cisco’s secure-web.cisco.com, a legitimate domain used for URL rewriting, which passed Cisco’s Secure Email Gateway validation.

From there, the attack redirected through Nylas, an email API platform, before funneling the victim to a subdomain of a legitimate Indian development company. The final redirect led to a repurposed domain originally registered in 2017 by a Chinese entity, which had been reacquired on March 12, just days after its TLS certificate expired, suggesting deliberate repurposing for the campaign.

The last stage of the attack used Cloudflare-protected infrastructure to conceal the origin server, serving a browser validation check to evade security analysis. The victim was then presented with a convincing Microsoft 365 phishing page, complete with a fake Outlook loading animation and real-time credential validation to ensure stolen logins were functional.

While Specops did not attribute the attack to a specific threat actor, the tactics align with those of Iran-linked groups recently targeting U.S. entities. However, similar techniques have been observed across multiple hacking collectives, leaving attribution uncertain. The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.
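
For defenders, the redirect chain described above argues for judging a link by where it lands rather than by its first hop. The following is an added example, not code from Specops or the original article: it scores a recorded chain on the number of intermediary hosts and the age of the landing domain's registration. Only secure-web.cisco.com comes from the article; the other hosts, the dates, the thresholds and the function name are constructed assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# URL-rewriting hosts that wrap every link in delivered mail; seeing one as the
# first hop says nothing about where the chain ends. secure-web.cisco.com is the
# host named in the article; every other value below is constructed.
URL_REWRITERS = {"secure-web.cisco.com"}

def assess_chain(hops, registered, clicked, max_hosts=2, min_age_days=30):
    """Judge a followed redirect chain by its landing host, not its first hop.

    hops       -- URLs in the order a sandbox or proxy recorded them
    registered -- host -> date the domain was last (re)registered (assumed to
                  come from an RDAP/WHOIS lookup done elsewhere)
    clicked    -- date the link was followed
    """
    if not hops:
        raise ValueError("empty redirect chain")
    hosts = [urlsplit(u).hostname for u in hops]
    # Distinct hosts in visit order, with the gateway's own rewriter left out.
    seen = [h for h in dict.fromkeys(hosts) if h not in URL_REWRITERS]
    landing = hosts[-1]
    findings = []
    if len(seen) > max_hosts:
        findings.append(f"long-chain:{len(seen)}-hosts")
    reg = registered.get(landing)
    if reg is None:
        findings.append("landing-registration-unknown")
    elif (clicked - reg).days < min_age_days:
        findings.append(f"landing-recently-registered:{(clicked - reg).days}d")
    return landing, findings

# Constructed sample: a rewritten link that passes through two third-party
# services before reaching a domain re-registered four days before the click.
SAMPLE_CHAIN = [
    "https://secure-web.cisco.com/constructed-token",
    "https://mail-api.example/track/constructed",
    "https://dev.agency.example/r",
    "https://lapsed-domain.example/check",
    "https://lapsed-domain.example/login",
]
SAMPLE_REGISTERED = {"lapsed-domain.example": date(2024, 1, 10)}

if __name__ == "__main__":
    print(assess_chain(SAMPLE_CHAIN, SAMPLE_REGISTERED, date(2024, 1, 14)))
```

A long-established landing domain reached through one rewritten hop returns no findings, so the check does not fire on ordinary gateway-rewritten links.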

Source: https://www.securityweek.com/security-firm-executive-targeted-in-sophisticated-phishing-attack/

Nylas cybersecurity rating report: https://www.rankiteo.com/company/nylas

J.P. Morgan cybersecurity rating report: https://www.rankiteo.com/company/jpmorgan

Outshift by Cisco cybersecurity rating report: https://www.rankiteo.com/company/outshiftbycisco

Outpost24 cybersecurity rating report: https://www.rankiteo.com/company/outpost24

"id": "NYLJPMOUTOUT1773678705",
"linkid": "nylas, jpmorgan, outshiftbycisco, outpost24",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Cybersecurity (Exposure Management & '
                                    'Identity Security)',
                        'location': 'Sweden',
                        'name': 'Outpost24',
                        'type': 'Organization'}],
 'attack_vector': 'Email',
 'data_breach': {'sensitivity_of_data': 'High (Microsoft 365 logins)',
                 'type_of_data_compromised': 'Credentials'},
 'description': 'A high-profile phishing attack targeted a C-level executive '
                'at Outpost24, a Swedish exposure management and identity '
                'security firm, leveraging the recently identified Kratos '
                'phishing-as-a-service (PhaaS) kit. The attack employed a '
                'seven-step chain of redirects through trusted services to '
                'evade detection and trick the victim.',
 'impact': {'data_compromised': 'Credentials (Microsoft 365)',
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Phishing email (JP Morgan-themed)',
                           'high_value_targets': 'C-level executive'},
 'lessons_learned': 'The incident underscores the growing sophistication of '
                    'phishing campaigns, particularly those leveraging trusted '
                    'infrastructure to bypass security controls.',
 'post_incident_analysis': {'root_causes': 'Abuse of trusted infrastructure '
                                           '(Cisco Secure Email Gateway, '
                                           'Nylas, Cloudflare), DMARC bypass, '
                                           'repurposed domain'},
 'references': [{'source': 'Specops Software (Outpost24 subsidiary)'}],
 'response': {'third_party_assistance': 'Specops Software (Outpost24 '
                                        'subsidiary)'},
 'title': 'Sophisticated Phishing Attack Targets Outpost24 C-Level Executive '
          'Using Kratos Kit',
 'type': 'Phishing',
 'vulnerability_exploited': 'DMARC authentication bypass, trusted '
                            'infrastructure abuse'}