Security News > 2023 > May > Microsoft 365 phishing attacks use encrypted RPMSG messages

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.
"The recipients were users in the billing department of the recipient company. The message shows a Microsoft encrypted message."
The attackers' use of trusted cloud services such as Microsoft and Adobe to send phishing emails and host content adds an additional layer of complexity and trustworthiness.
Encrypted RPMSG attachments also conceal phishing messages from email scanning gateways, given that the only hyperlink in the initial phishing email directs the potential victims to a legitimate Microsoft service.
"To help prevent Microsoft 365 accounts being compromised, enable Multi-Factor Authentication."
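A mail-triage check for the pattern described above, as an added example that is not from the article or from Microsoft: because the visible body links only to a Microsoft host and the real content sits inside the encrypted attachment, the check routes on attachment type and sender relationship instead of link reputation. The function names, the Microsoft host suffix list, the review rule and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Added example, not the article's code. MIME type used for RPMSG attachments.
RPMSG_TYPE = "application/x-microsoft-rpmsg-message"
# Assumption: suffixes the local policy treats as Microsoft-hosted.
MS_SUFFIXES = ("microsoft.com", "office.com", "office365.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def is_ms_host(host):
    # Match the suffix on a label boundary so look-alike hosts do not pass.
    return any(host == s or host.endswith("." + s) for s in MS_SUFFIXES)


def triage(raw, internal_domains):
    """Classify one RFC 5322 message; returns a dict of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_rpmsg, hosts = False, set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == RPMSG_TYPE or name.endswith(".rpmsg"):
            has_rpmsg = True  # encrypted body: content scanners see nothing
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                hosts.add((urlparse(url).hostname or "").lower())
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain.lower() if addrs else ""
    external = sender not in internal_domains
    return {
        "has_rpmsg": has_rpmsg,
        "external_sender": external,
        "only_ms_links": bool(hosts) and all(is_ms_host(h) for h in hosts),
        # Link reputation cannot help here, so route on type and sender.
        "needs_review": has_rpmsg and external,
    }


def sample_message(sender):
    """Constructed test message, not taken from a real campaign."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "billing@corp.example"
    m["Subject"] = "Encrypted message"
    m.set_content("Read the message: https://outlook.office365.com/constructed")
    m.add_attachment(b"\x00constructed", maintype="application",
                     subtype="x-microsoft-rpmsg-message", filename="message.rpmsg")
    return m.as_bytes()
```

Messages flagged with `needs_review` are candidates for a user-facing banner or quarantine queue; the rule will also match legitimate encrypted mail from partners, so it is a routing signal rather than a verdict.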