In a recent alert, Microsoft disclosed a quite novel (or archaical – you choose) way of a phishing / hacking crew, which relies on morse codes embedded in html pages.
While the find is about a phishing attempt and the goal is surely to obfuscate the malicious intention of the emails and attachments so as to evade the endpoint or mail gateway protections in place, the idea is quite interesting.
The campaign used phishing emails that changed the obfuscation methods every 37 days and one of the methods found by Microsoft was a morse encoder embedded right into a html document.
All other circumstances are the same old, same old: an invoice-themed mail, credential harvesting, etc.
But whoever done this was maybe new to the phishing trade, but certainly not new to the encryption / obfuscation / steganography business…