Security News > 2023 > May > New 'Greatness' service simplifies Microsoft 365 phishing attacks
In a new report by Cisco Talos, researchers explain how the Greatness phishing platform launched in mid-2022, with a spike in activity in December 2022 and then again in March 2023.
The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.
The victim only enters their password on the convincing phishing page, as Greatness pre-fills the correct email to create a sense of legitimacy.
At this stage, the phishing platform acts as a proxy between the victim's browser and the actual Microsoft 365 login page, handling the authentication flow to obtain a valid session cookie for the target account.
If the account is protected by two-factor authentication, Greatness will prompt the victim to provide it while triggering a request on the real Microsoft service, so the one-time code is sent to the target's device.
Once the MFA code is provided, Greatness will authenticate as the victim on the real Microsoft platform and send the authenticated session cookie to the affiliate via a Telegram channel or on the service's web panel.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Inside the incident: Uncovering an advanced phishing attack (source)