Key Points
What you'll learn in this notification
- Campaign using OAuth applications
- Users are redirected to malicious pages
- Campaign objective: possible reconnaissance and data collection, plus credential phishing
- Recent campaigns predominantly target Real Estate and Professional Service businesses in the US
The Mimecast Threat Research team continues to observe emails containing URLs that manipulate Microsoft OAuth parameters to redirect users to malicious pages. The campaign has generated approximately 4,500 observed instances within a two-week period, primarily targeting Real Estate and Professional Service businesses in the US. This methodical approach appears to focus on potentially gathering business intelligence as well as harvesting credentials, while maintaining a deceptively legitimate appearance. The technique relies on URL manipulation to exploit Microsoft's OAuth implementation. Because legitimate Microsoft domains are used throughout the attack chain, the result is a highly convincing social engineering approach that could potentially bypass traditional security controls.
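A triage sketch for links of this kind, added here as an example and not taken from Mimecast's research or tooling. The notification does not name the manipulated parameters, so this assumes the standard OAuth `redirect_uri` and `client_id` parameters on the `login.microsoftonline.com` authorize endpoint; the allow-list and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this sketch: the authorize endpoint host, and an
# organisation-specific allow-list of expected redirect domains.
AUTHORIZE_HOST = "login.microsoftonline.com"
ALLOWED_REDIRECT_DOMAINS = ("microsoft.com", "office.com", "example-corp.com")


def host_allowed(host):
    """True if host equals, or is a subdomain of, an allow-listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_REDIRECT_DOMAINS)


def triage(url):
    """Return None for non-OAuth links, else a dict describing the link."""
    parts = urlsplit(url)
    path = parts.path.lower()
    if (parts.hostname or "").lower() != AUTHORIZE_HOST:
        return None
    if "/oauth2/" not in path or not path.endswith("/authorize"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    redirects = params.get("redirect_uri", [])
    if len(redirects) != 1:
        reasons.append(f"expected one redirect_uri, found {len(redirects)}")
    for value in redirects:
        target = urlsplit(value)  # parse_qs has already percent-decoded it
        if target.scheme != "https" or not host_allowed(target.hostname or ""):
            reasons.append(f"redirect_uri outside allow-list: {value}")
    return {
        "client_id": params.get("client_id", [""])[0],  # app registration to look up
        "redirect_uri": redirects,
        "reasons": reasons,
    }


# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://www.example.org/newsletter?id=7",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000001&response_type=code"
    "&redirect_uri=https%3A%2F%2Fportal.example-corp.com%2Fcallback&scope=openid",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000002&response_type=code"
    "&redirect_uri=https%3A%2F%2Flanding.example.net%2Fdoc&scope=openid",
]
```

A link with a non-empty `reasons` list is a candidate for review, and the reported `client_id` identifies the OAuth application to check in the tenant.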
Dimakatso Makinta