Phishing uses Azure Static Web Pages to impersonate Microsoft (Security News, March 2022)
Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.
Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.
Some of the landing pages and login forms used in these phishing campaigns look almost exactly like official Microsoft pages.
Using the Azure Static Web Apps platform to target Microsoft users is an excellent tactic.
After seeing the certificate issued by Microsoft Azure TLS Issuing CA 05 to *.1.azurestaticapps.net, even the most suspicious targets will likely be tricked, since the certificate validates the phishing page as an official Microsoft login form in the eyes of potential victims.
The phishing campaigns abusing Azure Static Web Apps make this advice almost worthless since many users will get tricked by the azurestaticapps.net subdomain and the valid TLS certificate.
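The valid certificate only proves that a page is served from the shared azurestaticapps.net suffix, not who published it, so a defender can queue such hosts for review from proxy logs. The following is an added example, not code from the original article; the log format, the sign-in host list, the allowlisted app name and the sample lines are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Shared hosting suffix named in the article; any tenant can publish under it.
SHARED_SUFFIX = "azurestaticapps.net"
# Assumption: hosts where this organisation expects Microsoft sign-in forms.
SIGN_IN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Assumption: the organisation's own Static Web Apps (constructed name).
OWN_APPS = {"contoso-intranet.1.azurestaticapps.net"}


def _host(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()


def classify(url):
    """Return 'sign-in', 'own-app', 'shared-hosting' or 'other' for a URL."""
    host = _host(url)
    if host in SIGN_IN_HOSTS:
        return "sign-in"
    if host in OWN_APPS:
        return "own-app"
    # Label-boundary match: 'xazurestaticapps.net' and
    # 'azurestaticapps.net.example' must not count as the shared suffix.
    if host == SHARED_SUFFIX or host.endswith("." + SHARED_SUFFIX):
        return "shared-hosting"
    return "other"


def review_queue(log_lines):
    """Pick proxy-log URLs served from the shared suffix by unknown tenants."""
    hits = []
    for line in log_lines:
        # Constructed log format: "<timestamp> <user> <url>"
        _, user, url = line.split(maxsplit=2)
        if classify(url) == "shared-hosting":
            hits.append((user, _host(url)))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2022-03-31T09:14:02Z alice https://login.microsoftonline.com/common/oauth2/authorize",
    "2022-03-31T09:15:40Z bob https://example-tenant-0a1b2c3d.1.azurestaticapps.net/login.html",
    "2022-03-31T09:16:11Z carol https://contoso-intranet.1.azurestaticapps.net/",
    "2022-03-31T09:17:55Z dave https://azurestaticapps.net.example/signin",
    "2022-03-31T09:18:03Z erin https://user@EXAMPLE-TENANT-0A1B2C3D.1.AzureStaticApps.net:443/",
]
```

Calling `review_queue(SAMPLE_LOG)` returns the entries for bob and erin only; a hit means "hosted by an unknown tenant on the shared suffix", which still needs a human or content check before it is treated as phishing.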