Microsoft

A new, widespread phishing operation that targets credentials for Microsoft email services uses a personalised, proxy-based phishing kit to get around multi-factor authentication.

The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia.

Source: https://www.bleepingcomputer.com/news/security/microsoft-accounts-targeted-with-new-mfa-bypassing-phishing-kit/

TPRM report: https://scoringcyber.rankiteo.com/company/Microsoft

"id": "mic142611122",
"linkid": "Microsoft",
"type": "Phishing",
"date": "08/2017",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': ['Financial Services', 'Insurance'],
                        'location': ['US', 'UK', 'New Zealand', 'Australia'],
                        'type': ['Fin-tech',
                                 'Lending',
                                 'Accounting',
                                 'Insurance',
                                 'Federal Credit Union']}],
 'attack_vector': 'Phishing emails',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Credentials'},
 'description': 'A new, widespread phishing operation that targets credentials '
                'for Microsoft email services uses a personalised, proxy-based '
                'phishing kit to get around multi-factor authentication.',
 'impact': {'data_compromised': 'Credentials for Microsoft email services'},
 'motivation': 'Credential theft',
 'title': 'Widespread Phishing Operation Targeting Microsoft Email Services',
 'type': 'Phishing',
 'vulnerability_exploited': 'Multi-factor authentication bypass'}

Microsoft

Israeli Infrastructure

Anthropic

Kelly Benefits