Cybercriminals are increasingly targeting MailChimp, a popular email marketing platform, through sophisticated phishing and social engineering attacks.
Recent incidents reveal compromised accounts being used to exfiltrate subscriber lists, impersonate trusted brands, and launch secondary attacks.
Attackers bypass multi-factor authentication (MFA) by stealing session cookies via infostealer malware like RedLine and Lumma, enabling unauthorized access without triggering login alerts.
Constella Intelligence reported over 1,200 fresh infections in recent days, with corporate accounts in Mexico, Australia, and Colombia being the most affected.
Automated Phishing and Sector-Specific Targeting
High-profile victims, including cybersecurity expert Troy Hunt, highlight the automation of these attacks.
Hunt’s credentials were phished via a fake login page, and his MailChimp subscriber list was exported within minutes, demonstrating the speed of these operations.
The attacks disproportionately target education, marketing, and e-commerce sectors, leveraging legacy systems and limited security resources.
MailChimp’s reliance on OTP-based 2FA, rather than phishing-resistant methods like passkeys, has been criticized as a weak link.
Ongoing Vulnerabilities and Mitigation Gaps
This marks MailChimp’s second major breach in six months, following a January 2023 incident where hackers used social engineering to compromise employee credentials and access 133 customer accounts.
Despite security updates, attackers continue exploiting the platform’s trusted reputation to distribute malware and BEC scams.
Experts urge organizations to monitor for stolen credentials, enforce hardware-based authentication, and audit third-party tool access.
Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free.
