Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

‘Greatness’ Phishing Targets Microsoft 365

May 11, 2023
Reading Time: 2 mins read
in Alerts
‘Greatness’ Phishing Targets Microsoft 365

 

The ‘Greatness’ Phishing-as-a-Service (PhaaS) platform has experienced a surge in activity, specifically targeting organizations that use Microsoft 365 in countries like the United States, Canada, the U.K., Australia, and South Africa.

Given the widespread adoption of Microsoft 365 among various industries, cybercriminals are increasingly attempting to exploit this cloud-based productivity platform to steal data and credentials for potential network breaches.

A recent report by Cisco Talos highlights the emergence of the Greatness phishing platform in mid-2022, with notable spikes in activity observed in December 2022 and March 2023.

Most of the victims targeted by Greatness are located in the United States, spanning sectors such as manufacturing, healthcare, technology, education, real estate, construction, finance, and business services. The Phishing-as-a-Service platform offers comprehensive tools and functionalities required for conducting successful phishing campaigns.

Attackers leverage the Greatness admin panel, using their API key to access the service and supply a list of target email addresses. The platform then provisions the necessary infrastructure, including hosting servers for phishing pages and generating HTML attachments.

The victims receive phishing emails containing HTML attachments, which, when opened, execute an obfuscated JavaScript code that connects with the Greatness server to fetch the phishing page. To increase the illusion of legitimacy, the service injects the target’s company logo and background image from their actual Microsoft 365 login page.

Victims enter their passwords on the convincing phishing page, with Greatness pre-filling the correct email address. Acting as a proxy between the victim’s browser and the legitimate Microsoft 365 login page, the phishing platform handles the authentication flow to obtain a valid session cookie for the target account.

In cases where the targeted account has two-factor authentication, Greatness prompts the victim to provide the necessary code, simultaneously triggering a request on the real Microsoft service to send the one-time code to the victim’s device.

Once the victim provides the multifactor authentication (MFA) code, Greatness authenticates as the victim on the genuine Microsoft platform and transmits the authenticated session cookie to the affiliate via a Telegram channel or the service’s web panel. Attackers can then exploit this session cookie to gain unauthorized access to the victim’s email, files, and data within Microsoft 365 services.

Often, the stolen credentials are also utilized to breach corporate networks, facilitating more perilous attacks like ransomware deployment.

Reference:
  • New phishing-as-a-service tool “Greatness” already seen in the wild
Tags: Cyber AlertCyber Alerts 2023CyberattackGreatnessMay 2023MicrosoftPhaaSPhishing
ADVERTISEMENT

Related Posts

Forminator Plugin Flaw Risks 600,000 Sites

Forminator Plugin Flaw Risks 600,000 Sites

July 2, 2025
Forminator Plugin Flaw Risks 600,000 Sites

Oil-Themed Phishing Spreads Snake Keylogger

July 2, 2025
Forminator Plugin Flaw Risks 600,000 Sites

Kimsuky Tricks Users Into Self Hacking

July 2, 2025
C4 Bomb Cracks Chrome Cookie Encryption

Scammers Use Fake Ads to Steal Pi Wallets

July 1, 2025
C4 Bomb Cracks Chrome Cookie Encryption

Blind Eagle Uses VBS Scripts to Deploy RATs

July 1, 2025
C4 Bomb Cracks Chrome Cookie Encryption

C4 Bomb Cracks Chrome Cookie Encryption

July 1, 2025

Latest Alerts

Oil-Themed Phishing Spreads Snake Keylogger

Forminator Plugin Flaw Risks 600,000 Sites

Kimsuky Tricks Users Into Self Hacking

Scammers Use Fake Ads to Steal Pi Wallets

Blind Eagle Uses VBS Scripts to Deploy RATs

C4 Bomb Cracks Chrome Cookie Encryption

Subscribe to our newsletter

    Latest Incidents

    Cyberattack on Brazils CM Software Vendor

    Cyberattack Halts Hero España Production

    Hacker Attack on Australian Airline Qantas

    Cyberattack Hits Austrian Hospital Vendor

    Sophisticated Attack Hits War Crimes Court

    Ransomware Hits Swiss Government Vendor

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial