Office 365 phishing attacks target admin accounts

A new phishing campaign has been discovered by PhishLabs in which hackers try to compromise Microsoft Office 365 administrator accounts.

According to the cybersecurity firm, the threat actors behind the campaign delivered a phishing lure that impersonated Microsoft and its Office 365 brand. However, to make their lure appear more legitimate, the cybercriminals used multiple validated domains that did not belong to the software giant, including one domain that belonged to an educational institute.

Victims who clicked on the link in the phishing emails were presented with a spoofed login page for Office 365, where the hackers would harvest their user credentials.

PhishLabs observed that a wide variety of enterprises and industries were targeted by the campaign, which means that those behind it were not targeting any specific companies or industries.

There are several reasons why the threat actors targeted administrative credentials, including the fact that Office 365 admins have administrative control over all email accounts on a domain. Depending on how Office 365 is configured by an organization, a compromised admin account could allow an attacker to retrieve user emails or even completely take over other email accounts on the domain. Office 365 admins also often have elevated privileges on other systems within an organization, and this could potentially allow other systems to be compromised via password reset attempts or by abusing single-sign-on systems.

By compromising an admin account, attackers can also create new accounts within an organization to abuse single-sign-on systems, or they could leverage the reputation of a compromised domain in order to launch a new wave of attacks.

During the campaign discovered by PhishLabs, the attackers were able to gain some level of administrative control over the sender's Office 365 installation. After this, they created a new account which was used to distribute the campaign; this technique is often employed by hackers to further avoid detection.

To avoid falling victim to this latest phishing campaign, PhishLabs recommends that users avoid opening suspicious emails with the subject line “Re: Action Required!” or “Re: We placed a hold on your account”.
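
As an added example (not from PhishLabs or the original article), the Python code below triages raw messages for the two reported subject lines and for a Microsoft-branded display name sent from a non-Microsoft domain, and shows that a passing SPF/DKIM result does not clear the message. The domain allowlist, brand keywords, reason labels and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Subject lines reported for this campaign (taken from the article).
LURE_SUBJECTS = {"re: action required!", "re: we placed a hold on your account"}
# Assumption: domains accepted as Microsoft-owned; adjust for your environment.
MICROSOFT_DOMAINS = ("microsoft.com", "office.com", "office365.com")
BRAND_WORDS = ("microsoft", "office 365", "office365")

def is_microsoft_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)

def auth_passed(msg):
    """True if the receiving server recorded an SPF or DKIM pass."""
    results = " ".join(str(h).lower() for h in msg.get_all("Authentication-Results", []))
    return "spf=pass" in results or "dkim=pass" in results

def triage(raw):
    """Return (reasons, auth_passed) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    reasons = []
    if subject in LURE_SUBJECTS:
        reasons.append("lure_subject")
    # A passing SPF/DKIM check only proves the mail came from that domain,
    # not that the domain is Microsoft's, so it never clears this check.
    if any(w in name.lower() for w in BRAND_WORDS) and not is_microsoft_domain(domain):
        reasons.append("brand_from_non_microsoft_domain")
    return reasons, auth_passed(msg)

# Constructed sample messages (not real campaign mail).
SAMPLE_LURE = ('From: "Microsoft Office 365" <it-notice@alumni.example.edu>\n'
               "Subject: Re: Action Required!\n"
               "Authentication-Results: mx.contoso.example; spf=pass; dkim=pass\n"
               "\nPlease review your account.\n")
SAMPLE_BENIGN = ('From: "Microsoft" <no-reply@microsoft.com>\n'
                 "Subject: Your monthly invoice\n"
                 "Authentication-Results: mx.contoso.example; dkim=pass\n"
                 "\nInvoice attached.\n")
SAMPLE_SUBJECT_ONLY = ('From: "Dana" <dana@partner.example>\n'
                       "Subject: Re: We placed a hold on your account\n"
                       "\nSee below.\n")

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_BENIGN, SAMPLE_SUBJECT_ONLY):
        print(triage(raw))
```

Messages with both reasons and an authentication pass match the pattern the article describes: a Microsoft-branded lure sent from a validated domain that Microsoft does not own.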