Security News > 2020 > November > Office 365 phishing abuses Oracle and Amazon cloud services

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure.
According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.
Next, victims are redirected to a hacked website that takes them to the fake Office 365 page hosted mostly on Oracle Cloud computing service.
Mitiga says that they identified more than 40 compromised websites that were part of this Office 365 phishing campaign.
Clues found in the HTML code for the fake Office 365 pages suggest that the infrastructure is part of a phishing-as-a-service business rented to multiple clients.
News URL
Related news
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Amazon to kill off local Alexa processing, all voice requests shipped to the cloud (source)
- Oracle Cloud says it's not true someone broke into its login servers and stole data (source)
- There are 10,000 reasons to doubt Oracle Cloud's security breach denial (source)
- Oracle customers confirm data stolen in alleged cloud breach is valid (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- Oracle faces Texas-sized lawsuit over alleged cloud snafu and radio silence (source)