Security News > 2023 > May > Microsoft 365 phishing attacks use encrypted RPMSG messages
Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.
"The recipients were users in the billing department of the recipient company. The message shows a Microsoft encrypted message."
The attackers' use of trusted cloud services such as Microsoft and Adobe to send phishing emails and host content adds an additional layer of complexity and trustworthiness.
Encrypted RPMSG attachments also conceal phishing messages from email scanning gateways, given that the only hyperlink in the initial phishing email directs the potential victims to a legitimate Microsoft service.
"To help prevent Microsoft 365 accounts being compromised, enable Multi-Factor Authentication."
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)