← All stories
● Covered by 1 source Β· 1 reportHigh impact

Vishing Campaign Targets Microsoft 365 Users for Entra Passkey Enrollment

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

A phishing campaign is targeting Microsoft 365 users through voice calls to enroll in fake Entra passkeys. The attacker disguises the attack using a phishing kit that mimics the Microsoft enrollment process, posing a significant risk to victims' accounts.

Key points

Vishing Campaign Details

Threat actors are conducting voice-based phishing campaigns targeting Microsoft 365 users by requesting that they enroll in new Entra passkeys. This tactic exploits a feature Microsoft introduced allowing administrators to initiate passkey registration campaigns, increasing the potential for deception under the guise of security enhancements.

Mechanism of Attack

Victims are contacted via phone and convinced to visit malicious URLs that resemble the legitimate Microsoft passkey enrollment. The phishing sites are designed to replicate the brand identity of the victim's organization, enhancing their credibility. The attack leverages an operator-controlled PHP panel that guides the victim through the authentication process in real-time. This allows the adversary to adapt the user experience based on the specific multi-factor authentication methods employed by the victim.

Targeted Industries and Impact

Okta connects this campaign to a specific group identified as O-UNC-066, associated with an extortion operation known as Pink. The targets include organizations in various sectors like food and beverage, technology, healthcare, automotive, construction, and aviation. Victims who fall for the scheme unwittingly provide their credentials and multi-factor authentication responses, compromising their Microsoft accounts.

Significance in Cybersecurity

The campaign underscores the evolving nature of phishing attacks, increasingly using personality and persuasive tactics to deceive users. The sophistication of the attack, which enables real-time user interaction, poses a substantial threat to organizational cybersecurity. This scenario highlights the urgent need for enhanced user education on recognizing phishing attempts and the importance of vetting security requests.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub PaloAltoNetworks/Unit42-timely-threat-intel

Reporting from

A phishing campaign is targeting Microsoft 365 users through voice calls to enroll in fake Entra passkeys. The attacker disguises the attack using a phishing kit that mimics the Microsoft enrollment process, posing a significant risk to victims' accounts.