Security News > 2020 > July > Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks
Microsoft has seized several domains associated with a massive hacking campaign, which has targeted Office 365 accounts with phishing and business email compromise emails.
A recent court order issued by U.S. District Court for the Eastern District of Virginia allowed the tech company to disable the domains associated with the email attacks and disband the campaign: "Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals' infrastructure so that it can no longer be used to execute cyberattacks," according to Tom Burt, corporate vice president, Customer Security and Trust, in a Tuesday post.
In more recent, renewed phishing attacks the emails contained phishing themes leveraging the ongoing coronavirus pandemic - a commonly used lure for email scams, malware attacks and other malicious activities since March.
The campaign, targeting Office 365 users, sent an email that includes a link to register to the training: "COVID-19 Training for Employees: A Certificate for Health Workplaces."
After clicking through the consent prompt for the malicious web app, cybercriminals then received permission to access and control the victims' Office 365 account contents, including email, contacts, notes and material stored in the victims' OneDrive for Business cloud storage space and corporate SharePoint document management and storage system.
News URL
https://threatpost.com/microsoft-seizes-domains-office-365-phishing-scam/157261/
Related news
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)