Microsoft 365 Accounts Hit by Cyber Attack

Fast Summary

• Nature of the Attack: Cybercriminals are targeting Microsoft 365 users via WhatsApp and Signal, impersonating political officials to steal credentials.
• Perpetrators: Believed to be Russian actors posing as European diplomats or political officials working on Ukraine-related issues.
• Methodology:

– Victims receive an invitation for a video call or conference discussing Ukraine topics.
– Attackers send a phishing link disguised as an OAuth authentication URL alongside PDF instructions.
– Victims mistakenly share an authentication code that grants attackers access for up to 60 days without requiring their password change.

• Focus areas: Initially targeted human rights and Ukraine-related organizations but could expand beyond these sectors.
• Prevention Measures Recommended:

– Set conditional access policies for Microsoft accounts tied exclusively to approved devices.
– Enable login alerts and adopt a zero-trust mindset regarding suspicious dialog.

Image: Microsoft’s app displayed on a smartphone screen
!medium=RSS”>Read more