Hackers have been seen exploiting the Microsoft Partner Network feature for Azure AD in an attempt to steal corporate emails and other sensitive data.
Microsoft and cybersecurity firm Proofpoint teamed up to combat the threat, explaining how they discovered attackers posing as legitimate companies who were successfully verified in the Microsoft Cloud Partner Program (MCPP).
Once verified as a legitimate company, the crooks were able to register OAuth apps in Azure AD that carried the verified status but were in fact malicious, and used them in phishing to steal people’s emails. To make matters worse, Proofpoint said the crooks could also have used this access to steal calendar information.
Perform BEC attacks
The threat is particularly concerning because this kind of information can be used for cyber espionage, business email compromise (BEC) attacks, or as a stepping stone to more serious forms of cyber crime.
Proofpoint appears to have been the first to notice the campaign, on Dec. 15, with Microsoft later stepping in to disable all rogue accounts and apps.
“Microsoft has disabled the threat actor’s applications and accounts to protect customers and has engaged our Digital Crimes Unit to identify further actions that can be taken against this particular threat actor,” the company said in its announcement.
“We have implemented several additional security measures to improve the MCPP review process and reduce the risk of similar fraudulent behavior in the future.”
Microsoft also said it has contacted all affected companies and warned them to thoroughly investigate their environments to ensure they are free of compromise.
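The practical lesson for an Azure AD tenant is that a publisher’s verified badge is not by itself evidence that an OAuth app should hold mailbox or calendar consent. The following script is an added example (not code from the article, Proofpoint or Microsoft) of the kind of triage an administrator could run when “investigating their environment”: it walks the records that Microsoft Graph returns from `GET /servicePrincipals` and `GET /oauth2PermissionGrants`, keeps only grants that include mail or calendar delegated scopes, and reports, per app, whether consent is tenant-wide, how many users consented, and whether the publisher verification is recent. The sample records, app names, object ids and the `verified_after` cut-off date are all constructed for the example; in a real tenant you would feed it the JSON `value` arrays from those two Graph endpoints.

```python
"""Triage Azure AD OAuth consent grants for apps that can read mail or calendars.

Added example, not from the article or the vendors it cites. Input records are assumed to
have the shape of Microsoft Graph's servicePrincipal and oauth2PermissionGrant objects.
"""
import json
from collections import defaultdict

# Delegated Microsoft Graph scopes that expose mailboxes or calendars.
MAIL_CALENDAR_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Read.Shared", "Mail.ReadWrite.Shared",
    "Mail.Send", "MailboxSettings.Read", "MailboxSettings.ReadWrite",
    "Calendars.Read", "Calendars.ReadWrite", "Calendars.Read.Shared",
}

# Constructed sample data (ids, names and dates are made up), shaped like the `value`
# arrays from GET /servicePrincipals and GET /oauth2PermissionGrants.
SAMPLE_SERVICE_PRINCIPALS_JSON = """[
  {"id": "sp-0001", "appId": "app-0001", "displayName": "Acme Mail Sync",
   "verifiedPublisher": {"displayName": "Example Partner Ltd",
                         "verifiedPublisherId": "mpn-111", "addedDateTime": "2022-12-10T09:00:00Z"}},
  {"id": "sp-0002", "appId": "app-0002", "displayName": "Expense Tracker",
   "verifiedPublisher": {"displayName": null, "verifiedPublisherId": null, "addedDateTime": null}},
  {"id": "sp-0003", "appId": "app-0003", "displayName": "Helpdesk Bot",
   "verifiedPublisher": {"displayName": "Known Vendor Inc",
                         "verifiedPublisherId": "mpn-222", "addedDateTime": "2021-03-01T00:00:00Z"}}
]"""

SAMPLE_GRANTS_JSON = """[
  {"id": "g1", "clientId": "sp-0001", "consentType": "Principal", "principalId": "user-a",
   "resourceId": "graph-sp", "scope": "openid profile Mail.Read Calendars.Read"},
  {"id": "g2", "clientId": "sp-0001", "consentType": "Principal", "principalId": "user-b",
   "resourceId": "graph-sp", "scope": "openid profile Mail.Read Calendars.Read"},
  {"id": "g3", "clientId": "sp-0002", "consentType": "Principal", "principalId": "user-c",
   "resourceId": "graph-sp", "scope": "openid profile User.Read"},
  {"id": "g4", "clientId": "sp-0003", "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "graph-sp", "scope": "Mail.ReadWrite"}
]"""


def parse_scopes(scope_field):
    """Graph stores delegated scopes as a single space-separated string."""
    return set((scope_field or "").split())


def triage_grants(service_principals, grants, verified_after=None):
    """Return one finding per app holding mail/calendar delegated consent.

    verified_after: optional ISO-8601 string; publisher verification added on or after this
    date is flagged as 'recent', since a freshly obtained badge is weaker evidence of trust.
    """
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    per_app = defaultdict(lambda: {"scopes": set(), "users": set(), "admin_consent": False})

    for g in grants:
        risky = parse_scopes(g.get("scope")) & MAIL_CALENDAR_SCOPES
        if not risky:
            continue
        entry = per_app[g["clientId"]]
        entry["scopes"] |= risky
        if g.get("consentType") == "AllPrincipals":
            entry["admin_consent"] = True  # tenant-wide consent: every mailbox is in scope
        elif g.get("principalId"):
            entry["users"].add(g["principalId"])

    findings = []
    for client_id, entry in per_app.items():
        sp = sp_by_id.get(client_id, {})
        vp = sp.get("verifiedPublisher") or {}
        verified = bool(vp.get("verifiedPublisherId"))
        added = vp.get("addedDateTime")
        recent = bool(verified and verified_after and added and added >= verified_after)
        findings.append({
            "app": sp.get("displayName", "<unknown service principal>"),
            "clientId": client_id,
            "scopes": sorted(entry["scopes"]),
            "admin_consent": entry["admin_consent"],
            "consenting_users": len(entry["users"]),
            "verified_publisher": vp.get("displayName") if verified else None,
            "recently_verified": recent,
        })
    # Tenant-wide consent first, then the apps with the most consenting users.
    findings.sort(key=lambda f: (not f["admin_consent"], -f["consenting_users"], f["app"]))
    return findings


def load_sample_findings():
    """Run the triage over the constructed sample records."""
    return triage_grants(json.loads(SAMPLE_SERVICE_PRINCIPALS_JSON),
                         json.loads(SAMPLE_GRANTS_JSON),
                         verified_after="2022-12-01T00:00:00Z")


if __name__ == "__main__":
    for finding in load_sample_findings():
        print(json.dumps(finding))
```

On the sample data the script reports two apps: the tenant-wide grant of `Mail.ReadWrite` to “Helpdesk Bot” comes first, and “Acme Mail Sync”, which two users consented to and whose publisher verification was added only days before the grants, is flagged as recently verified. “Expense Tracker” holds only `User.Read` and is left out. Which entries deserve revocation is a judgement for the administrator; the script only ranks what to look at first.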
Bleeping Computer says malicious actors are increasingly using OAuth apps to launch phishing attacks targeting Office 365 and Microsoft 365 business data, which is what prompted Microsoft to introduce the “verified” publisher status.
Via: Bleeping Computer