Full Report
Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026.
Analysis Summary
# Tool/Technique: Abuse of Agentic AI Workflow Automation (n8n)
## Overview
Threat actors are weaponizing legitimate "agentic" AI workflow automation platforms, specifically **n8n**, to run phishing campaigns. Because the lure links point at the platform's own cloud domain, reputation-based email and web filters that trust that domain let the messages and downloads through, and the workflow behind each link delivers malware and fingerprints the visiting device. The primary mechanism of abuse is the platform's URL-exposed webhook: an HTTP endpoint that runs a workflow when requested and returns whatever that workflow produces (in effect a "reverse API"), which an attacker can use to serve malicious content from a trusted cloud domain.
## Technical Details
- **Type:** Technique / Tool Abuse
- **Platform:** Web-based (Cloud infrastructure), Cross-platform delivery (Windows targets identified)
- **Capabilities:** Malware delivery, device fingerprinting, CAPTCHA-gated delivery, dynamic payload steering based on the User-Agent header, and masked data sourcing (the webhook fetches the lure page from an attacker-controlled origin, so the only URL the recipient sees is the platform's).
- **First Seen:** October 2025 (Increase noted through March 2026)
## MITRE ATT&CK Mapping
- **[TA0042 - Resource Development]**
- [T1583.006 - Acquire Infrastructure: Web Services (n8n cloud tenants)]
- [T1608.005 - Stage Capabilities: Link Target (webhook URLs used as the phishing link target)]
- **[TA0001 - Initial Access]**
- [T1566.002 - Phishing: Spearphishing Link]
- **[TA0002 - Execution]**
- [T1204.002 - User Execution: Malicious File]
- [T1059.001 - Command and Scripting Interpreter: PowerShell]
- **[TA0005 - Defense Evasion]**
- [T1497.002 - Virtualization/Sandbox Evasion: User Activity Based Checks (CAPTCHA gating)]
- [T1036 - Masquerading]
- **[TA0007 - Discovery]**
- [T1082 - System Information Discovery (Device Fingerprinting)]
## Functionality
### Core Capabilities
- **Webhook Exploitation:** Uses n8n subdomains (`*.app.n8n[.]cloud`) to host webhook listeners that serve programmatically pulled HTML content.
- **Trusted Domain Proxying:** Masking the true source of malicious payloads by serving them through n8n's cloud infrastructure, so that downloads appear to originate from a legitimate service.
- **Phishing Delivery:** Automated email generation pretending to be shared Microsoft OneDrive folders.
### Advanced Features
- **Device Fingerprinting:** The webhook workflow reads request headers (notably User-Agent) and branches on them, tailoring the response to the target environment; observed payloads were built for Windows.
- **CAPTCHA Gating:** Using HTML/JavaScript-based CAPTCHAs to prevent automated sandbox analysis and ensure human interaction before the payload triggers.
- **Encapsulated Downloads:** Using JavaScript within the webhook-delivered page to trigger a progress bar and download, hiding the external malicious URL.
## Indicators of Compromise
- **File Hashes (SHA256):**
- `93a09e54e607930dfc068fcbc7ea2c2ea776c504aa20a8ca12100a28cfdcc75a`
- `7f30259d72eb7432b2454c07be83365ecfa835188185b35b30d11654aadf86a0`
- **File Names:**
- `DownloadedOneDriveDocument.exe`
- **Network Indicators:**
- `hxxps[://]pagepoinnc[.]app[.]n8n[.]cloud/webhook/downloading-1a92cb4f-cff3-449d-8bdd-ec439b4b3496`
- `hxxps[://]monicasue[.]app[.]n8n[.]cloud/webhook/download-file-92684bb4-ee1d-4806-a264-50bfeb750dab`
- `hxxps[://]onedrivedownload[.]zoholandingpage[.]com/my-workspace/DownloadedOneDrive`
- `hxxps[://]majormetalcsorp[.]com/Openfolder`
- **Behavioral Indicators:**
- Outbound traffic to `*.n8n[.]cloud` from hosts or users that have no business reason to use the platform.
- `powershell.exe` launched on an endpoint shortly after it downloaded a file from a webhook URL.
## Associated Threat Actors
- Unknown/Generic (Observed in wide-scale phishing campaigns targeting enterprise data).
## Detection Methods
- **Signature-based detection:** Match the two SHA256 hashes listed above for `DownloadedOneDriveDocument.exe` (reported as a Datto RMM-based payload).
- **Behavioral detection:** Alert on endpoint communication with `n8n.cloud` subdomains (for example `*.app.n8n.cloud`) whenever the tenant is not one the organization has explicitly authorized.
- **Traffic analysis:** Flag inbound emails carrying structured webhook URLs (`<tenant>.app.n8n.cloud/webhook/<path>`) that do not match known legitimate service patterns, especially where the path contains lure words such as "download" or "OneDrive".
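The webhook URL structure described under Functionality is regular enough to match with a pattern, which is the traffic-analysis check listed above. The following is an added example, not code from Talos or the n8n project: it extracts n8n cloud webhook links from an email body, notes whether the path carries a UUID (n8n's default webhook path) and lure words, and emits the URL in the defanged form used in the IOC list. The email body, the tenant name `shared-docs-42` and the UUID are constructed for the example; the `/webhook-test/` prefix is n8n's test-mode path.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: an HTML email body imitating a OneDrive share notice.
# The tenant "shared-docs-42" and the UUID are made up for this example.
SAMPLE_EMAIL_HTML = """
<p>A document has been shared with you via OneDrive.</p>
<a href="https://shared-docs-42.app.n8n.cloud/webhook/download-file-0f3c1e2a-9b4d-4c6e-8a1f-2d3e4f5a6b7c">Open folder</a>
<p>Questions? Visit <a href="https://www.microsoft.com/microsoft-365/onedrive">OneDrive help</a>.</p>
<p>Plain link: https://shared-docs-42.app.n8n.cloud/webhook-test/downloading-0f3c1e2a-9b4d-4c6e-8a1f-2d3e4f5a6b7c</p>
"""

# n8n cloud webhook URLs take the form <tenant>.app.n8n.cloud/webhook/<path>;
# n8n also serves the same path under /webhook-test/ while a workflow is in test mode.
N8N_WEBHOOK_RE = re.compile(
    r"https?://(?P<tenant>[a-z0-9-]+)\.app\.n8n\.cloud/(?P<kind>webhook|webhook-test)/(?P<path>[^\s\"'<>]+)",
    re.IGNORECASE,
)
# n8n's default webhook path is a UUID; the observed campaign prefixes it with a lure word.
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)
LURE_WORDS = ("download", "onedrive", "document", "file", "folder", "share")


def defang(url: str) -> str:
    """Render a URL in the hxxps[://]host[.]tld form used in IOC listings."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp", 1)
    host = parts.netloc.replace(".", "[.]")
    tail = parts.path + (("?" + parts.query) if parts.query else "")
    return f"{scheme}[://]{host}{tail}"


def find_n8n_webhook_urls(text: str) -> list[dict]:
    """Return every n8n cloud webhook URL found in an email body, with triage context."""
    hits, seen = [], set()
    for m in N8N_WEBHOOK_RE.finditer(text):
        url = m.group(0)
        if url in seen:
            continue
        seen.add(url)
        path = m.group("path").lower()
        hits.append({
            "url": url,
            "defanged": defang(url),
            "tenant": m.group("tenant").lower(),
            "test_mode": m.group("kind").lower() == "webhook-test",
            "has_uuid": bool(UUID_RE.search(path)),
            "lure_words": [w for w in LURE_WORDS if w in path],
        })
    return hits


def verdict(hits: list[dict]) -> str:
    """Any webhook link deserves review; a lure-word path with a UUID matches the observed pattern."""
    if not hits:
        return "clean"
    if any(h["has_uuid"] and h["lure_words"] for h in hits):
        return "suspicious: n8n webhook link with lure-word path"
    return "review: n8n webhook link present"


if __name__ == "__main__":
    found = find_n8n_webhook_urls(SAMPLE_EMAIL_HTML)
    for h in found:
        print(h["defanged"], h["lure_words"], "(test mode)" if h["test_mode"] else "")
    print(verdict(found))
```

The benign Microsoft link in the sample is not matched, so the check does not fire on ordinary OneDrive mail; an organization that legitimately receives n8n webhook links from a known tenant can exclude that tenant before applying the verdict.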
## Mitigation Strategies
- **Egress Control:** Restrict outbound access to automation platforms (n8n, Zapier, etc.) to the users, roles and hosts with a verified business need, and to the organization's own tenants on those platforms.
- **Email Security:** Employ email security that evaluates the message's intent and content (for example NLP-based analysis of the lure) rather than relying on the reputation of the linked domain, since the linked domain here is a legitimate cloud service.
- **User Training:** Educate employees on the dangers of CAPTCHA-gated downloads and the abuse of cloud-based automation tools.
- **Policy Enforcement:** Maintain an allow list of the specific AI and automation tenants the organization uses and treat everything else on those platforms as unauthorized, rather than blocking individual abusive tenants after the fact.
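The behavioral indicators and detection methods above (n8n traffic from unexpected hosts, PowerShell following a webhook download) and the allow-list policy in this section come together in one check. The following is an added example, not Talos or n8n code: it audits proxy logs for n8n cloud requests whose tenant is not on the allow list and then pairs each flagged webhook fetch with a `powershell.exe` launch on the same host inside a short window. The log formats, hostnames, timestamps and the authorized tenant `corp-automation` are constructed for the example; the two webhook URLs are the ones from the IOC list above.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

N8N_CLOUD_SUFFIX = ".app.n8n.cloud"

# Constructed proxy log, one request per line:
#   <ISO-8601 UTC timestamp> <source host> <method> <url> <HTTP status>
# The two webhook URLs are taken from the IOC list; hosts, times and the
# "corp-automation" tenant are invented for this example.
PROXY_LOG = """\
2026-03-02T09:13:40Z ws-finance-07 GET https://www.microsoft.com/microsoft-365/onedrive 200
2026-03-02T09:14:05Z ws-finance-07 GET https://monicasue.app.n8n.cloud/webhook/download-file-92684bb4-ee1d-4806-a264-50bfeb750dab 200
2026-03-02T09:20:11Z srv-integration-01 POST https://corp-automation.app.n8n.cloud/webhook/erp-sync 200
2026-03-02T09:31:52Z ws-hr-03 GET https://pagepoinnc.app.n8n.cloud/webhook/downloading-1a92cb4f-cff3-449d-8bdd-ec439b4b3496 200
"""

# Constructed endpoint process-creation events:
#   <ISO-8601 UTC timestamp> <host> <parent image> <image> <command line>
PROCESS_LOG = """\
2026-03-02T09:14:31Z ws-finance-07 explorer.exe DownloadedOneDriveDocument.exe DownloadedOneDriveDocument.exe
2026-03-02T09:14:33Z ws-finance-07 DownloadedOneDriveDocument.exe powershell.exe powershell.exe -nop -w hidden -c Start-Sleep 1
2026-03-02T09:25:00Z srv-integration-01 services.exe powershell.exe powershell.exe -File C:\\ops\\sync.ps1
2026-03-02T10:05:00Z ws-hr-03 explorer.exe powershell.exe powershell.exe -File C:\\Users\\hr\\script.ps1
"""


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def tenant_of(url: str):
    """Return the n8n cloud tenant (subdomain) for a URL, or None if it is not n8n cloud."""
    host = urlsplit(url).hostname or ""
    return host[: -len(N8N_CLOUD_SUFFIX)] if host.endswith(N8N_CLOUD_SUFFIX) else None


def parse_proxy(log: str) -> list[dict]:
    events = []
    for line in log.splitlines():
        ts, host, method, url, status = line.split()
        events.append({"ts": parse_ts(ts), "host": host, "method": method,
                       "url": url, "status": int(status), "tenant": tenant_of(url)})
    return events


def parse_processes(log: str) -> list[dict]:
    events = []
    for line in log.splitlines():
        ts, host, parent, image, cmdline = line.split(" ", 4)
        events.append({"ts": parse_ts(ts), "host": host, "parent": parent,
                       "image": image, "cmdline": cmdline})
    return events


def audit_n8n_egress(events: list[dict], allowed_tenants: set) -> list[dict]:
    """Flag every n8n cloud request whose tenant is not on the organization's allow list."""
    findings = []
    for e in events:
        t = e["tenant"]
        if t is None or t in allowed_tenants:
            continue
        reason = "unauthorized n8n tenant"
        if urlsplit(e["url"]).path.startswith("/webhook"):
            reason += ", webhook endpoint fetched"
        findings.append({"ts": e["ts"], "host": e["host"], "tenant": t, "url": e["url"], "reason": reason})
    return findings


def correlate_powershell(findings: list[dict], procs: list[dict],
                         window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Pair each flagged webhook fetch with PowerShell started on the same host within the window."""
    pairs = []
    for f in findings:
        for p in procs:
            if (p["host"] == f["host"] and p["image"].lower() == "powershell.exe"
                    and f["ts"] <= p["ts"] <= f["ts"] + window):
                pairs.append({"host": f["host"], "url": f["url"], "parent": p["parent"],
                              "cmdline": p["cmdline"],
                              "delay_s": int((p["ts"] - f["ts"]).total_seconds())})
    return pairs


if __name__ == "__main__":
    findings = audit_n8n_egress(parse_proxy(PROXY_LOG), {"corp-automation"})
    for f in findings:
        print(f"{f['host']} -> {f['tenant']}: {f['reason']}")
    for p in correlate_powershell(findings, parse_processes(PROCESS_LOG)):
        print(f"{p['host']}: powershell.exe (parent {p['parent']}) {p['delay_s']}s after {p['url']}")
```

In the sample, `ws-finance-07` and `ws-hr-03` both produce egress findings, but only `ws-finance-07` produces a correlated pair: its PowerShell launch comes 28 seconds after the fetch with `DownloadedOneDriveDocument.exe` as the parent, while the `ws-hr-03` PowerShell run is over half an hour later and is left for ordinary triage. The `srv-integration-01` request goes to the allow-listed tenant and is ignored entirely.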
## Related Tools/Techniques
- **Zapier:** A similar automation platform whose URL-exposed triggers can be abused in the same way; this is a misuse of intended functionality, not a vulnerability in the platform.
- **Softr.io:** AI-aided web building service previously observed in phishing campaigns.
- **Living off Trusted Infrastructure (LOTI):** The broader technique of using legitimate SaaS and Cloud services to host malicious components.