A large spear-phishing campaign spoofing Microsoft 365 evades Office 365’s native defenses and other email security defenses to target financial departments, C-suite executives and executive assistants across the financial services, insurance and retail industries.
Attackers even specifically targeted newly selected CEOs during critical transitional periods.
The credential harvesting campaigns used a variety of sophisticated techniques, including spoofing various Microsoft 365 service updates; using Microsoft-themed sender domains (to bypass email authentication); including PDF/HTM/HTML attachments; and leveraging advanced phishing kits.
Area 1 blocked these campaigns. Had they been successful, the attackers could have, for example, gained access to sensitive data of third parties to send fraudulent invoices and launch additional Business Email Compromise attacks.
Area 1 Security recently stopped a sophisticated Microsoft Office 365 credential harvesting campaign targeting C-suite executives, high-level assistants, and financial departments across numerous industries, including financial services, insurance, and retail. Further research and analysis of the activity revealed a much larger operation than originally discovered. This included several additional directly related credential phishing campaigns that targeted the same industries and positions, using sophisticated techniques and advanced phishing kits to bypass Microsoft’s native email defenses and email authentication.