Security News > 2021 > December > US universities targeted by Office 365 phishing attacks
US universities are being targeted in multiple phishing attacks designed to impersonate college login portals to steal valuable Office 365 credentials.
These campaigns are believed to be conducted by multiple threat actors starting in October 2021, with Proofpoint sharing details on the tactics, techniques, and procedures used in the phishing attacks.
A phishing attack targeting students of Arkansas State University used an URL of sso2[.
Based on the URLs shared by Proofpoint, some of the universities targeted in these attacks include the University of Central Missouri, Vanderbilt, Arkansas State University, Purdue, Auburn, West Virginia University, and the University of Wisconsin-Oshkosh.
Office 365 credentials can be used by malicious actors to access the corresponding email account, send messages to other users in the workgroup, divert payments, and further the phishing to steal more valuable accounts.
These phishing attacks could potentially lead to damaging BEC incidents and highly-disruptive ransomware infections for universities.
News URL
Related news
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Phishing scams and malicious domains take center stage as the US election approaches (source)