
That voicemail message could be a Microsoft 365 phishing scam

 1 year ago
source link: https://www.techradar.com/news/that-voicemail-message-could-be-a-microsoft-365-phishing-scam


Crooks are trying to steal Microsoft 365 login credentials from people working in U.S. military, security software, manufacturing supply chain, healthcare, and pharma firms, using an elaborate phishing campaign built on fake voicemail notifications and fake Microsoft login pages.

Employees at these firms have been receiving fake email notifications saying that someone from their organization sent them a voicemail.

The email itself looks as if it’s coming from inside the company, but cloud security company Zscaler found that the real sender is actually abusing a Japanese email service to hide their address and their true identity.


Should the victim take the bait and click on the HTML attachment in the email, they’d first be redirected to a CAPTCHA check, whose goal is twofold: to evade anti-phishing tools, and to convince the victim of its legitimacy.
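The delivery traits described above (an internal-looking sender, a voicemail theme, an HTML attachment) can be checked at the mail gateway. The following is an added example, not code from the article or from Zscaler; the domains, the sample message, the keyword pattern and the use of a mismatched Return-Path as the sign of an outside sender are all assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
Return-Path: <bounce@relay.example.net>
From: "Voicemail Service" <voicemail@corp.example>
Subject: New Voicemail received
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new voicemail. Open the attachment to listen.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="VoiceMsg_0012.HTML"

<html><body>placeholder</body></html>
--b1--
"""

VOICEMAIL_RE = re.compile(r"voice\s?(mail|message)", re.I)  # assumed keywords

def addr_domain(header_value):
    # Domain part of an address header, lowercased ('' if the header is absent).
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw, internal_domains):
    """Return the indicators that fired for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    from_dom, env_dom = addr_domain(msg["From"]), addr_domain(msg["Return-Path"])
    # Internal-looking From, but the bounce address lives elsewhere.
    if from_dom in internal_domains and env_dom and env_dom != from_dom:
        hits.append("internal_from_external_envelope")
    if VOICEMAIL_RE.search(str(msg["Subject"] or "")):
        hits.append("voicemail_theme")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")) or (
                part.get_content_type() == "text/html" and part.is_attachment()):
            hits.append("html_attachment")
            break
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE, {"corp.example"}))
```

Any single indicator is weak on its own; the combination of all three is what makes a message worth quarantining for review.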


Stealing credentials

Once the victim passes the CAPTCHA, they’re redirected to the actual phishing site, a landing page that looks identical to the Microsoft 365 login page. If victims type in their credentials there, they hand them to the attackers.

Microsoft 365 accounts are in high demand among crooks, as they offer a treasure trove of valuable information that can lead to devastating stage-two attacks. Crooks can use them to deploy malware and ransomware, install cryptominers on compute-mighty servers, and even mount highly destructive supply chain attacks.

The SolarWinds supply chain attack, which saw US government agencies, institutions, and a number of high-profile tech companies targeted, all started with a compromised Microsoft 365 account.

Back in December 2020, a massive cyber-espionage effort was discovered that tainted the software supply chain via a rigged update to SolarWinds software. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to many private-sector companies.

There have been several congressional hearings regarding the SolarWinds hack, and the incident also led to sanctions on several Russian cybersecurity companies. However, no one has been able to determine the true extent of the hack, in part because tracing the steps of the threat actors has been quite challenging. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
