As phishing campaigns go on, Microsoft has discovered a new attack in the wild that targets victims’ emails. Microsoft warns organizations to stay wary of this sneaky attack that abuses OAuth request links.
Phishing Attack Targeting Emails
In a series of tweets, Microsoft has shared insights about a new phishing attack that aims at directly accessing emails. This campaign first caught the attention of a security researcher with the alias “TheAnalyst” who reported the matter to Microsoft.
As elaborated, the attackers behind this phishing attack use a malicious app named “Upgrade” to trick users. This app asks for various OAuth permissions to read and write emails. Specifically, the app attempts to access various mailbox features, such as setting up rules, using Graph API to access messages, and sending emails to other accounts.
According to the alert generated by Microsoft Defender, this app intends data exfiltration. As mentioned in one of the tweets from Microsoft Security Intelligence,
The phishing messages mislead users into granting the app permissions that could allow attackers to create inbox rules, read and write emails and calendar items, and read contacts. Microsoft has deactivated the app in Azure AD and has notified affected customers.
Microsoft confirms that this campaign has targeted numerous organizations already.
Whereas, TheAnalyst confirmed the sneaky attempts from the threat actors as they identified a new phishing app.
This actor has just switched to a new OAuth consent #Phishing app. This one is also called “Upgrade” with the same icon, but has a new verified publisher “Counseling Services Yuma PC”. Related domain /queues.me https://t.co/RBCLapYZmj pic.twitter.com/56HyFUFpIs
— TheAnalyst (@ffforward) January 24, 2022
This phishing campaign is just another attempt at invading organizations maliciously to steal data. Microsoft advises users to use tools like Microsoft Defender for their Azure AD, Cloud Apps, and Office apps to detect and prevent such attacks proactively.
Besides, organizations should also ensure applying adequate security best practices to protect their infrastructure. Also, training employees for phishing and cyber risks awareness can help prevent issues arising from opening unsolicited or malicious emails and documents.
Let us know your thoughts in the comments.