TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Datadog Security Labs

CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing

2025-10-20

ATT&CK techniques detected

13 predictions (technique · confidence · supporting excerpt from the original post)

T1525 · Implant Internal Image · 85%
Excerpt: …"Microsoft Power Platform" icon, they may mistake this for one of Microsoft's other Copilot services. Once the user clicks "login," they are redirected to a malicious OAuth application. However, this button can be configured to redirect them to any malicious URL. The use of…

T1566.002 · Spearphishing Link · 80%
Excerpt: …external to the target environment, then modified by an attacker to send the resulting user token to a URL under their control. An overview of this attack is shown below. Demo: Targeting users with a malicious Copilot Studio agent. Let's say a user accessed a malicious agent, c…

T1528 · Steal Application Access Token · 75%
Excerpt: CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing. Key points - Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. One example of this is the built-in "login" button, which allows delivery of OAuth phishing a…

T1528 · Steal Application Access Token · 71%
Excerpt: …international documented use of Entra ID applications to take full control of users' email data. These attacks are still relevant today, as reported by Red Canary. While protections against these attacks have improved, two major scenarios remain where an attacker can use OAuth c…

T1525 · Implant Internal Image · 65%
Excerpt: …use Datadog Cloud SIEM, the following detections monitor for potential OAuth phishing attacks and consent to suspicious applications: - Potential illicit consent grant attack via Azure registered application - Consent given to application associated with business email compromis…

T1525 · Implant Internal Image · 61%
Excerpt: …application consent policy is not sufficient to address all permissions that can lead to sensitive data access. Even after upcoming changes to Microsoft's default policy, you may want to create a stronger application consent policy to prevent unprivileged users from granting se…

T1528 · Steal Application Access Token · 61%
Excerpt: …copilotstudio.microsoft.com. Our example will also automate exfiltration of the resulting token in Copilot Studio's topics. However, an attacker could also configure a topic to take any action on behalf of a user with the token. Abuse of Microsoft services to distribute malic…

T1525 · Implant Internal Image · 58%
Excerpt: …copilotstudio.microsoft.com. Our example will also automate exfiltration of the resulting token in Copilot Studio's topics. However, an attacker could also configure a topic to take any action on behalf of a user with the token. Abuse of Microsoft services to distribute malic…

T1525 · Implant Internal Image · 50%
Excerpt: …Microsoft Graph permissions. Future changes: In the past month, Microsoft has announced another update to their default application consent policy to take effect in late October 2025. Once implemented, this update would limit all but the OneNote permissions (Notes.ReadWrite) in…

T1525 · Implant Internal Image · 50%
Excerpt: …or uncommon applications can identify OAuth phishing attacks. Consider monitoring the events below to detect suspicious application consent activities. Entra ID audit logs - Activity display name: "Consent to application". Microsoft 365 audit logs - Operation: "Consent to app…

T1528 · Steal Application Access Token · 46%
Excerpt: …external to the target environment, then modified by an attacker to send the resulting user token to a URL under their control. An overview of this attack is shown below. Demo: Targeting users with a malicious Copilot Studio agent. Let's say a user accessed a malicious agent, c…

T1525 · Implant Internal Image · 37%
Excerpt: …international documented use of Entra ID applications to take full control of users' email data. These attacks are still relevant today, as reported by Red Canary. While protections against these attacks have improved, two major scenarios remain where an attacker can use OAuth c…

T1528 · Steal Application Access Token · 36%
Excerpt: …Microsoft Graph permissions. Future changes: In the past month, Microsoft has announced another update to their default application consent policy to take effect in late October 2025. Once implemented, this update would limit all but the OneNote permissions (Notes.ReadWrite) in…

Summary

Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, we document a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.