Security News > 2020 > July > Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks

Microsoft has seized several domains associated with a massive hacking campaign, which has targeted Office 365 accounts with phishing and business email compromise emails.
A recent court order issued by U.S. District Court for the Eastern District of Virginia allowed the tech company to disable the domains associated with the email attacks and disband the campaign: "Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals' infrastructure so that it can no longer be used to execute cyberattacks," according to Tom Burt, corporate vice president, Customer Security and Trust, in a Tuesday post.
In more recent, renewed phishing attacks the emails contained phishing themes leveraging the ongoing coronavirus pandemic - a commonly used lure for email scams, malware attacks and other malicious activities since March.
The campaign, targeting Office 365 users, sent an email that includes a link to register to the training: "COVID-19 Training for Employees: A Certificate for Health Workplaces."
After clicking through the consent prompt for the malicious web app, cybercriminals then received permission to access and control the victims' Office 365 account contents, including email, contacts, notes and material stored in the victims' OneDrive for Business cloud storage space and corporate SharePoint document management and storage system.
News URL
https://threatpost.com/microsoft-seizes-domains-office-365-phishing-scam/157261/
Related news
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Fake Microsoft Office add-in tools push malware via SourceForge (source)
- Microsoft releases emergency update to fix Office 2016 crashes (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Microsoft: Office 2016 and Office 2019 reach end of support in October (source)