uTalk

Official forum for Utopia Community


#1 2023-02-01 20:49:11

thrive
Member
Registered: 2023-01-04
Posts: 2,213

Microsoft's "Verified Publisher" OAuth Apps were used by hackers to co

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email.

"The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps," the tech giant said. "This phishing campaign targeted a subset of customers primarily based in the U.K. and Ireland."

Consent phishing is a social engineering attack wherein users are tricked into granting permissions to malicious cloud applications, which can then be weaponized to gain access to legitimate cloud services and sensitive user data.

The Windows maker said it became aware of the campaign on December 15, 2022. It has since alerted affected customers via email, with the company noting that the threat actors abused the consent to exfiltrate mailboxes.

On top of that, Microsoft said it implemented additional security measures to improve the vetting process associated with the Microsoft Cloud Partner Program (formerly MPN) and minimize the potential for fraudulent behavior in the future.

The disclosure coincides with a report released by Proofpoint about how threat actors have successfully exploited Microsoft's "verified publisher" status to infiltrate the cloud environments of organizations.

What's notable about the campaign is that by mimicking popular brands, it was also successful at fooling Microsoft in order to gain the blue verified badge. "The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD," the company explained.

These attacks, which were first observed on December 6, 2022, employed lookalike versions of legitimate apps like Zoom to deceive targets into authorizing access and facilitate data theft. Targets included financial, marketing, managers, and senior executives.
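A defender-side illustration of the consent-phishing risk the post describes, added here and not part of the original post or of any Microsoft or Proofpoint tool: it triages constructed consent-grant records (a simplified shape, not the exact Azure AD audit schema), flags mailbox and offline_access scopes, and deliberately gives the verified-publisher badge no credit, since the post shows fraudulent partner accounts were able to obtain it.

```python
"""Added example: triage constructed OAuth consent-grant records for the
consent-phishing pattern described in the post. The record shape below is a
simplified, constructed approximation, not the exact Azure AD audit schema."""
import re

# Delegated Graph scopes that expose mailbox contents; the campaign abused
# consent to exfiltrate mail, so these dominate the score.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.ReadBasic"}
RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample consent events (not real tenant data).
SAMPLE_EVENTS = [
    {"app": "Zoom Meetings Sync", "verified_publisher": True,
     "permissions": "User.Read Mail.ReadWrite offline_access"},
    {"app": "Calendar Helper", "verified_publisher": False,
     "permissions": "User.Read Calendars.Read"},
    {"app": "Mail Archiver", "verified_publisher": True,
     "permissions": "Mail.Read"},
]


def parse_scopes(permissions):
    """Split a space- or comma-separated scope string into a set."""
    return {s for s in re.split(r"[\s,]+", permissions) if s}


def assess(event):
    """Return (level, reasons) for one consent event."""
    scopes = parse_scopes(event["permissions"])
    reasons = []
    mail = sorted(scopes & MAIL_SCOPES)
    if mail:
        reasons.append("mailbox access: " + ", ".join(mail))
    if "offline_access" in scopes:
        reasons.append("offline_access: refresh token outlives the session")
    if event["verified_publisher"]:
        # The badge is reported but never lowers the score: the post shows
        # fraudulent partner accounts obtained it for lookalike apps.
        reasons.append("verified-publisher badge present (not trusted here)")
    level = "high" if mail and "offline_access" in scopes else "medium" if mail else "low"
    return level, reasons


def triage(events):
    """Assess every event and order the result from most to least risky."""
    rows = [(e["app"], *assess(e)) for e in events]
    return sorted(rows, key=lambda r: RANK[r[1]])


if __name__ == "__main__":
    for app, level, reasons in triage(SAMPLE_EVENTS):
        print(f"{level:6} {app}: {'; '.join(reasons) or 'no concerns'}")
```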
