Microsoft Targeted by Hackers in Phishing Campaign

Tyler Cross, Senior Writer

Microsoft was recently targeted by threat actors who abused the “Verified Partner” system for OAuth app registrations by impersonating legitimate companies.

Microsoft stated that these hackers took part in a large consent phishing campaign, which is when malicious actors trick users into granting the attackers' apps permissions to their devices. That access can then be used to steal data or breach legitimate cloud-based apps.

In a blog post, the Microsoft Security Response Center said the phishing attack “used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.”

This let the hackers trick users into granting permissions to fraudulent apps disguised as legitimate services or brands like Zoom.

Microsoft first became aware of the breach on Dec. 15, according to Windows Maker, and promptly shut down the dangerous apps and informed the impacted customers about the breach.

The apps had dangerous permissions, including reading emails, configuring mailbox settings, and accessing users’ files and other data. The campaign targeted groups such as finance, marketing, managers, and senior executives, and the attacks were mostly concentrated in the UK and Ireland. While the extent of the damage is unknown right now, the breach was significant.

The campaign supposedly stopped on Dec. 27, a week after the fraudulent apps were disabled by Microsoft.

Microsoft has faced several breaches in the past as well. There was one last January and another in September, with OAuth apps being targeted by different hacker groups both times.

Microsoft assured customers that it’s working hard to remedy the situation.

“We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future,” Microsoft said in a release. “We will continue to monitor for future malicious activity and make ongoing improvements to prevent fraud, consent phishing, and a range of other persistent threats.”

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked hands-on with cybersecurity products for more than five years, including password managers, antiviruses, and VPNs, and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.