
This Cyber Attack Targets Microsoft 365 Accounts




A new cyberattack is targeting Microsoft 365 users through Signal and WhatsApp messages, with hackers impersonating officials in order to gain access to accounts.

According to reporting from Bleeping Computer, bad actors—who are believed to be Russians pretending to be European political officials or diplomats—are contacting employees of organizations working on issues related to Ukraine and human rights. The end goal is to trick targets into clicking an OAuth phishing link that leads them to authenticate with their Microsoft 365 credentials.

This scam, first discovered by cybersecurity firm Volexity, has focused specifically on organizations related to Ukraine, but a similar approach could be used more widely to steal user data or take over devices.

How the Microsoft 365 OAuth attack works

This attack typically begins with targets receiving a message via Signal or WhatsApp from a user posing as a political official or diplomat with an invitation to a video call or conference to discuss issues related to Ukraine.

According to Volexity, attackers may claim to be from the Mission of Ukraine to the European Union, the Permanent Delegation of the Republic of Bulgaria to NATO, or the Permanent Representation of Romania to the European Union. In one variation, the campaign starts with an email sent from a hacked Ukrainian government account followed by communication via Signal and WhatsApp.

Once a thread is established, bad actors send victims PDF instructions along with an OAuth phishing URL. When clicked, the user is prompted to log into Microsoft and third-party apps that utilize Microsoft 365 OAuth and is then redirected to a landing page with an authentication code, which they are told to share in order to enter the meeting. This code, which is valid for 60 days, gives attackers access to email and other Microsoft 365 resources, even if victims change their passwords.
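
A link of the kind described above can be triaged before anyone signs in. The following is an added example, not code from Volexity or from the original article: it assumes the link points at Microsoft's standard OAuth authorization endpoint, and it reports which application and redirect target the link would hand the resulting code to. The function name, the approved-host list, and the sample link are all constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Microsoft identity platform sign-in hosts.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}

# Constructed sample link: client_id and redirect_uri are placeholders.
SAMPLE_LINK = (
    "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
    "&scope=openid%20offline_access"
)

def triage_oauth_link(url, approved_redirect_hosts=frozenset()):
    """Summarise a Microsoft OAuth authorization-code link; None if url is not one."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.lower().rstrip("/")
    if parts.scheme != "https" or host not in MS_LOGIN_HOSTS:
        return None
    if "/oauth2/" not in path or not path.endswith("/authorize"):
        return None
    # parse_qs percent-decodes values; keep the first value of each parameter.
    query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    if "code" not in query.get("response_type", "").split():
        return None
    redirect_host = (urlsplit(query.get("redirect_uri", "")).hostname or "").lower()
    scopes = query.get("scope", "").split()
    findings = []
    # The authorization code is delivered to the redirect target, so an
    # unexpected host here is the main thing an analyst needs to see.
    if redirect_host not in approved_redirect_hosts:
        findings.append("redirect host not on approved list")
    if "offline_access" in scopes:
        findings.append("requests offline_access (refresh token)")
    return {
        "client_id": query.get("client_id", ""),
        "redirect_host": redirect_host,
        "scopes": scopes,
        "findings": findings,
    }

if __name__ == "__main__":
    print(triage_oauth_link(SAMPLE_LINK))
```
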



How to spot the Microsoft 365 OAuth attack

This attack is one of several recent threats abusing OAuth authentication, which can make it harder to identify as suspect, at least from a technical point of view. Volexity recommends setting up conditional access policies that restrict access to Microsoft 365 accounts to approved devices only, as well as enabling login alerts.

Users should also be wary of social engineering tactics that play on human psychology to successfully carry out phishing and other types of cyber attacks. Examples include messages that are unusual or out of character—especially for a sender you know or —communication that prompts an emotional response (like fear or ), and requests that are urgent or offers that are too good to be true.

A social engineering explainer from CSO advises a “zero-trust mindset” as well as watching out for common signs like grammar and spelling mistakes and instructions to click links or open attachments. Screenshots of the Signal and WhatsApp messages shared by Volexity show small errors that give them away as potentially fraudulent.




