Microsoft Office 365 Users In 62 Different Countries Were Targeted In A Massive Hacking Campaign

Since December 2019, a huge phishing campaign has been targeting Microsoft Corp. clients to defraud users in 62 different countries. According to the company, malicious email have recently evolved to capitalize on the coronavirus pandemic.

On Tuesday, Microsoft explained in a blog post that the phishing attacks targeted business leaders across various industries, and attempted to compromise accounts, steal data, and redirect wire transfers. According to the company, the phishing campaign was vast and targeted millions of Microsoft Office 360 customers with attempted attacks in only 7 days.

The company disrupted the scheme via a recent court ruling, which enables Microsoft to take over domains that were used by the hackers. Microsoft was able to prevent these domains from being used for hacking-attacks, the blog post reads.

To execute the phishing attacks, cybercriminals posed as employers as well as other trusted senders in emails. The emails were sent to Microsoft Office 360 users, and the emails contained malicious attachments. When a user clicked on the attachment, it prompted Office 360 users to grant access to a web app that resembles those apps that are ‘widely used in organizations.’ But, the ‘familiar-looking apps’ were malicious in this case.

If a user granted access, hackers were able to access the Microsoft Office 360 accounts of users. According to Microsoft’s blog post, attackers attempted to gain access to consumer email, contact lists of users, sensitive documents of users, and other valuable information.

Recently, hackers have shifted their focus to capitalize on the covid-19 pandemic, Microsoft states. In the early parts of this phishing campaign, the malicious attachments in the emails had titles about standard business terms like ‘Q4 Report.’ However, now, attackers are using attachments with titles related to the coronavirus pandemic such as ‘Coronavirus Bonus.’

During the past few months, COVID-19-themed phishing attacks have become so persuasive that the United Kingdom and the United States governments warned people about their increasingly growing use. For instance, FireEye Inc. reported during March of this year that the number of attempted phishing emails sent by cybercriminals and state-linked actors over quadrupled during the spreading coronavirus.

Moreover, this spring, a barrage of scams and hacking attempts about the coronavirus hit remote employees as cybercriminals sought to profit from the coronavirus pandemic. The company declined to report the number of Office 360 users that were sent phishing attacks by cybercriminals. Microsoft also declined to say how many of those phishing emails were successful in tricking Office 360 users to open them. Microsoft declined to comment on potential suspects for the hacking campaign, beyond ruling out the possibility that a nation state sponsored the hackers.



Read next: This New AI-Based Algorithm Created By Microsoft Helps To Restore Old Photos
Previous Post Next Post