TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails

1 day ago · Read original ↗

ATT&CK techniques detected

5 predictions
T1566.002Spearphishing Link
99%
"“ open the personalized attachment ” to review case materials. the attached pdf encouraged recipients to click the “ review case materials ” link, this is what initiated the credential harvesting flow. the attackers designed the message to appear legitimate by claiming it came fr…"
T1566.002Spearphishing Link
97%
"microsoft flags mass phishing campaign using fake compliance emails a phishing campaign targeting more than 35, 000 users across 13, 000 organizations has been identified by the microsoft defender research team. the large - scale credential theft campaign used fake internal compl…"
T1556.006Multi-Factor Authentication
57%
"staged pages with email entries, captchas and reassuring status messages before being redirected, based on device type, to a final phishing site. there, users were prompted to sign in with microsoft under the guise of a compliance review, triggering an aitm session hijack to stea…"
T1111Multi-Factor Authentication Interception
47%
"staged pages with email entries, captchas and reassuring status messages before being redirected, based on device type, to a final phishing site. there, users were prompted to sign in with microsoft under the guise of a compliance review, triggering an aitm session hijack to stea…"
T1528Steal Application Access Token
37%
"staged pages with email entries, captchas and reassuring status messages before being redirected, based on device type, to a final phishing site. there, users were prompted to sign in with microsoft under the guise of a compliance review, triggering an aitm session hijack to stea…"

Summary

Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide