Security News > 2023 > May > New 'Greatness' service simplifies Microsoft 365 phishing attacks
In a new report by Cisco Talos, researchers explain how the Greatness phishing platform launched in mid-2022, with a spike in activity in December 2022 and then again in March 2023.
The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.
The victim only enters their password on the convincing phishing page, as Greatness pre-fills the correct email to create a sense of legitimacy.
At this stage, the phishing platform acts as a proxy between the victim's browser and the actual Microsoft 365 login page, handling the authentication flow to obtain a valid session cookie for the target account.
If the account is protected by two-factor authentication, Greatness will prompt the victim to provide it while triggering a request on the real Microsoft service, so the one-time code is sent to the target's device.
Once the MFA code is provided, Greatness will authenticate as the victim on the real Microsoft platform and send the authenticated session cookie to the affiliate via a Telegram channel or on the service's web panel.
News URL
Related news
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)