Found 32 bookmarks
Custom sorting
Storm-2372 conducts device code phishing campaign
Storm-2372 conducts device code phishing campaign
Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.
#microsoft#EN#2025#Storm-2372#phishing#campaign#Russia
·microsoft.com·
Storm-2372 conducts device code phishing campaign
Hackers spoof Microsoft ADFS login pages to steal credentials
Hackers spoof Microsoft ADFS login pages to steal credentials
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. #ADFS #Account #Computer #InfoSec #Lateral #MFA #Microsoft #Notification #Phishing #Push #Security #Takeover
#Computer#MFA#Phishing#Microsoft#InfoSec#Account#Lateral#ADFS#Takeover#Notification#Security#Push
·bleepingcomputer.com·
Hackers spoof Microsoft ADFS login pages to steal credentials
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. #Accounts #Computer #Fake #Honeypot #InfoSec #Microsoft #Phishing #Security
#InfoSec#Accounts#Computer#Phishing#Honeypot#Security#Microsoft#Fake
·bleepingcomputer.com·
Microsoft creates fake Azure tenants to pull phishers into honeypots
File hosting services misused for identity phishing
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
#microsoft#EN#2024#File#hosting#SharePoint#OneDrive#Dropbox#social-engineering#identity#phishing#research
·microsoft.com·
File hosting services misused for identity phishing
DarkGate malware delivered via Microsoft Teams - detection and response
DarkGate malware delivered via Microsoft Teams - detection and response
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.
#cybersecurity.att.com#EN#2024#Microsoft#Teams#phishing#malware
·cybersecurity.att.com·
DarkGate malware delivered via Microsoft Teams - detection and response
Storm-0978 attacks reveal financial and espionage motives
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.
#microsoft#EN#2023#Storm-0978#Follina#CVE-2023-36884#ero-day#remote#phishing
·microsoft.com·
Storm-0978 attacks reveal financial and espionage motives
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
#microsoft#EN#2022#phishing#MFA#AiTM#hijack#session
·microsoft.com·
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
#microsoft#EN#2022#phishing#MFA#AiTM#hijack#session
·microsoft.com·
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud