Security News > 2023 > May > New 'Greatness' service simplifies Microsoft 365 phishing attacks
In a new report by Cisco Talos, researchers explain how the Greatness phishing platform launched in mid-2022, with a spike in activity in December 2022 and then again in March 2023.
The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.
The victim only enters their password on the convincing phishing page, as Greatness pre-fills the correct email to create a sense of legitimacy.
At this stage, the phishing platform acts as a proxy between the victim's browser and the actual Microsoft 365 login page, handling the authentication flow to obtain a valid session cookie for the target account.
If the account is protected by two-factor authentication, Greatness will prompt the victim to provide it while triggering a request on the real Microsoft service, so the one-time code is sent to the target's device.
Once the MFA code is provided, Greatness will authenticate as the victim on the real Microsoft platform and send the authenticated session cookie to the affiliate via a Telegram channel or on the service's web panel.
News URL
Related news
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (source)
- European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack (source)
- Need to Know: Key Takeaways from the Latest Phishing Attacks (source)
- Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)