Security News > 2023 > May > New 'Greatness' service simplifies Microsoft 365 phishing attacks

New 'Greatness' service simplifies Microsoft 365 phishing attacks
2023-05-10 12:00

In a new report by Cisco Talos, researchers explain how the Greatness phishing platform launched in mid-2022, with a spike in activity in December 2022 and then again in March 2023.

The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.

The victim only enters their password on the convincing phishing page, as Greatness pre-fills the correct email to create a sense of legitimacy.

At this stage, the phishing platform acts as a proxy between the victim's browser and the actual Microsoft 365 login page, handling the authentication flow to obtain a valid session cookie for the target account.

If the account is protected by two-factor authentication, Greatness will prompt the victim to provide it while triggering a request on the real Microsoft service, so the one-time code is sent to the target's device.

Once the MFA code is provided, Greatness will authenticate as the victim on the real Microsoft platform and send the authenticated session cookie to the affiliate via a Telegram channel or on the service's web panel.

News URL

Related vendor

Microsoft 664 1059 5264 3005 4042 13370