TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Infosecurity Magazine

Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails

19 hours ago

ATT&CK techniques detected

5 predictions
T1566.002 Spearphishing Link
99%
““open the personalized attachment” to review case materials. the attached pdf encouraged recipients to click the “review case materials” link, this is what initiated the credential harvesting flow. the attackers designed the message to appear legitimate by claiming it came fr…”
T1566.002 Spearphishing Link
97%
“microsoft flags mass phishing campaign using fake compliance emails a phishing campaign targeting more than 35,000 users across 13,000 organizations has been identified by the microsoft defender research team. the large-scale credential theft campaign used fake internal compl…”
T1556.006 Multi-Factor Authentication
57%
“staged pages with email entries, captchas and reassuring status messages before being redirected, based on device type, to a final phishing site. there, users were prompted to sign in with microsoft under the guise of a compliance review, triggering an aitm session hijack to stea…”
T1111 Multi-Factor Authentication Interception
47%
“staged pages with email entries, captchas and reassuring status messages before being redirected, based on device type, to a final phishing site. there, users were prompted to sign in with microsoft under the guise of a compliance review, triggering an aitm session hijack to stea…”
T1528 Steal Application Access Token
37%
“staged pages with email entries, captchas and reassuring status messages before being redirected, based on device type, to a final phishing site. there, users were prompted to sign in with microsoft under the guise of a compliance review, triggering an aitm session hijack to stea…”

Summary

Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide.