Security News > 2021 > March > Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departments
A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries.
The threat actors are leveraging phishing kits and a number of sophisticated methods at every step of the attack.
"In some cases, the attackers were even more stealthy by prefetching the localized Office 365 sign-in," the researchers explained.
"If the victim entered their email address, the attacker would verify it was a valid Office 365 address. In instances where the entered email address used Conditional Access, a different single sign-on, Active Directory Federation Services, etc., the phishing kit would essentially break and the victim would simply be redirected to the legitimate sign-in experience."
The campaign targeted only select individuals at each company - C-level executives, their assistants, and employees in the financial department - and several things point to the threat actors being interested in a specific predetermined target list.
Among the targets were also newly-selected CEOs, and the attackers obviously hoped to catch them off guard during the transition period.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CS0a50SXLjI/