Microsoft Targeted by Hackers in Phishing Campaign

Tyler Cross
Published on: February 2, 2023

Microsoft was recently targeted by threat actors who abused the OAuth app registration’s “Verified Partner” system by impersonating legitimate companies.

Microsoft stated that these hackers took part in a large consent phishing campaign, in which malicious actors trick users into giving their apps permissions to their devices, which can then be used to steal data or breach legitimate cloud-based apps.

In a blog post, the Microsoft Security Response Center said the phishing attack “used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.”

This let the hackers trick users into granting permissions to faulty apps that were disguised as legitimate services or brands like Zoom.

Microsoft first became aware of the breach on Dec. 15, according to Windows Maker, and promptly shut down the dangerous apps and informed the impacted customers about the breach.

The apps had dangerous permissions, including reading emails and configuring mailbox settings, as well as accessing users’ files and other data while targeting sectors like financial, marketing, managers, and senior executives. The attacks were mostly concentrated in the UK and Ireland. While the extent of the damages is unknown right now, the breach was significant.

The campaign supposedly stopped on Dec. 27, a week after the fraudulent apps were disabled by Microsoft.

Microsoft has faced several breaches in the past as well. There was one last January, and another one in September, with OAuth apps being targeted by different hacker groups both times.

Microsoft assured customers that it’s working hard to remedy the situation.

“We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future,” Microsoft said in a release. “We will continue to monitor for future malicious activity and make ongoing improvements to prevent fraud, consent phishing, and a range of other persistent threats.”
