This article explains how criminals use email-based social engineering to spread spam emails and enlarge the infection pool. User accounts that were not secured with MFA gave attackers a chance to steal credentials in target organizations and use them to expand their foothold.
Users started receiving DocuSign-branded phishing links; clicking a link directed them to a rogue website that asked them to enter their Office 365 login credentials. Using this phishing method, attackers accessed 100 mailboxes and implemented an inbox detection rule in the users' Outlook. The second phase then started, with attacker-controlled devices joining Azure AD. This helped the attackers expand their attack and move laterally through the network.
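A defender can hunt for the two-phase pattern described above by correlating audit events per account. The following is an added example, not code from the original article; the event schema, the operation names `inbox_rule_created` and `device_registered`, and the 48-hour window are assumptions, and real audit exports would need to be normalized into this shape first.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema.
# "mfa" records whether the session that performed the action satisfied MFA.
SAMPLE_EVENTS = [
    {"time": "2022-01-10T09:02:00", "user": "alice@example.com", "op": "inbox_rule_created", "mfa": False},
    {"time": "2022-01-10T15:40:00", "user": "Alice@example.com", "op": "device_registered", "mfa": False},
    {"time": "2022-01-11T08:15:00", "user": "bob@example.com", "op": "device_registered", "mfa": True},
    {"time": "2022-01-11T10:00:00", "user": "carol@example.com", "op": "inbox_rule_created", "mfa": True},
    {"time": "2022-01-20T10:00:00", "user": "carol@example.com", "op": "device_registered", "mfa": False},
    {"time": "2022-01-12T11:00:00", "user": "dave@example.com", "op": "inbox_rule_created", "mfa": False},
]

def find_suspicious_chains(events, window=timedelta(hours=48)):
    """Return (user, rule_time, device_time) for every device registration that
    follows an inbox-rule creation by the same account within `window`, where
    neither action came from an MFA-satisfied session."""
    last_rule = {}  # user -> time of the most recent non-MFA inbox rule creation
    hits = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["mfa"]:
            continue  # actions from MFA-backed sessions are out of scope for this hunt
        user = ev["user"].lower()  # account names are case-insensitive
        when = datetime.fromisoformat(ev["time"])
        if ev["op"] == "inbox_rule_created":
            last_rule[user] = when
        elif ev["op"] == "device_registered":
            rule_time = last_rule.get(user)
            if rule_time is not None and when - rule_time <= window:
                hits.append((user, rule_time.isoformat(), when.isoformat()))
    return hits

if __name__ == "__main__":
    for user, rule_time, device_time in find_suspicious_chains(SAMPLE_EVENTS):
        print(f"{user}: inbox rule at {rule_time}, device joined at {device_time}")
```

Each hit is a lead for review, since users also create inbox rules and enroll devices legitimately.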
The Hacker News: https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html
Miray Bolukbasi