New 'Greatness' service simplifies Microsoft 365 phishing attacks

In a new report, Cisco Talos researchers explain that the Greatness phishing platform launched in mid-2022, with activity spiking in December 2022 and again in March 2023.
The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.
The victim only enters their password on the convincing phishing page, as Greatness pre-fills the correct email to create a sense of legitimacy.
At this stage, the phishing platform acts as a proxy between the victim's browser and the actual Microsoft 365 login page, handling the authentication flow to obtain a valid session cookie for the target account.
If the account is protected by two-factor authentication, Greatness will prompt the victim to provide the code while triggering a request on the real Microsoft service, so the one-time code is sent to the target's device.
Once the MFA code is provided, Greatness will authenticate as the victim on the real Microsoft platform and send the authenticated session cookie to the affiliate via a Telegram channel or on the service's web panel.