← All stories

Bleeping Computer

ConsentFix v3 attacks target Azure with automated OAuth abuse

Bill Toulas · 4 days ago · Read original ↗

ATT&CK techniques detected

6 predictions

T1566.002Spearphishing Link

96%

"time. in the next phase, the attacker deploys a phishing page hosted on cloudflare pages that mimics a legitimate microsoft / azure interface and initiates a real oauth flow through microsoft ’ s login endpoint. when the victim interacts with the page, they are redirected to a lo…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1528Steal Application Access Token

65%

"consentfix v3 attacks target azure with automated oauth abuse a new attack type, dubbed consentfix v3, has been circulating on hacker forums as an improved technique that automates attacks against microsoft azure. the first version of consentfix was presented by push security las…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1528Steal Application Access Token

62%

"time. in the next phase, the attacker deploys a phishing page hosted on cloudflare pages that mimics a legitimate microsoft / azure interface and initiates a real oauth flow through microsoft ’ s login endpoint. when the victim interacts with the page, they are redirected to a lo…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1078.004Cloud Accounts

50%

"trusted and pre - consented. however, it brings an improvement by incorporating automation and scalability. consentfix v3 attack flow according to information retrieved from hacker forums where the new technique is promoted, the attack begins by verifying the presence of azure in…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1528Steal Application Access Token

37%

"trusted and pre - consented. however, it brings an improvement by incorporating automation and scalability. consentfix v3 attack flow according to information retrieved from hacker forums where the new technique is promoted, the attack begins by verifying the presence of azure in…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1566.002Spearphishing Link

33%

"consentfix v3 attacks target azure with automated oauth abuse a new attack type, dubbed consentfix v3, has been circulating on hacker forums as an improved technique that automates attacks against microsoft azure. the first version of consentfix was presented by push security las…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. [...]