Security News > 2022 > September > Microsoft 365 phishing attacks impersonate U.S. govt agencies

An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents.
The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals.
There's now a plethora of different lures used in the messages, better phishing web page behavior, and removal of artifacts that revealed the signs of fraud in previous versions of the attached PDFs. Polishing a high-quality campaign.
Starting with the phishing emails, Cofense reports they now feature more consistent formatting, larger logos, and prefer to include a link to the PDF instead of attaching the file.
On the phishing page that tries to trick visitors into entering their Microsoft Office 365 account credentials, the threat actors have now added a Captcha Challenge step to ensure they're not logging bot inputs.
"Given the advancements seen in each area of the phishing chain, it is likely the threat actors behind these campaigns will continue to innovate and improve upon their already believable campaigns," predicts Cofense.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Massive botnet hits Microsoft 365 accounts (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)