Microsoft has been observing the hacking group's phishing scams since December. It initially used generic business subject lines, such as "Q4 report- Dec 19." But more recently, the hackers have been exploiting the pandemic to manipulate users into opening malicious emails, including the term "COVID-19 bonus" on links or files attached to the emails. "Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application," wrote Microsoft Corporate Vice-President Tom Burt in a blog post.
The malicious web application is designed to look like a legitimate product from Microsoft. For instance, the hackers named one such app "0365 access." This app doesn't attempt to ask victims for a login or password. Instead, it tries to trick them into signing off on some powerful privileges, including the ability to read emails over an Office 365 account and even to change the email settings.
Making the scheme look even more legitimate, victims are first sent to the official Microsoft 365 login page before they're redirected to grant permissions to the malicious app. If a victim falls for the scam, the phishing attack can then pave the way for "business email compromise" schemes, in which the hackers can trick a company's staff into wiring large sums of money to them. The same access can also give the attackers the ability to view sensitive company information.
To stop these attacks, Microsoft filed a lawsuit to seize control of six internet domains the hackers have been using to host their malicious web applications. The US District Court for the Eastern District of Virginia granted the company control of the six domains.
The phishing scheme is a reminder to be careful around suspicious third-party apps; if they ask for powerful permissions, you should avoid installing them.
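For administrators reviewing which third-party apps users have already approved, the sketch below is an added example (not code from Microsoft or from the article) that flags consent grants whose app name imitates a Microsoft brand with look-alike characters, as "0365 access" does, or that request mail permissions. The record fields, the brand list and the choice of risky Microsoft Graph scopes are assumptions, and the sample records are constructed.

```python
import re

# Delegated Microsoft Graph scopes matching the access the article describes
# (read mail, change mail settings). Treating exactly these as high-risk is
# an assumption of this example; tune the set for your tenant.
RISKY_SCOPES = {"Mail.Read", "Mail.ReadWrite", "MailboxSettings.ReadWrite"}

# Brand strings an impostor app may imitate (assumed list).
BRANDS = ("o365", "office365", "microsoft")

# Digit-for-letter swaps such as the zero in "0365 access".
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})


def review_grant(grant):
    """Return the reasons a consent grant deserves manual review."""
    reasons = []
    compact = re.sub(r"[^a-z0-9]", "", grant["app_name"].lower())
    normalized = compact.translate(LOOKALIKES)
    for brand in BRANDS:
        # Brand appears only after undoing the swaps: the name is a look-alike.
        if brand in normalized and brand not in compact:
            reasons.append(f"name imitates '{brand}' using look-alike characters")
            break
    risky = sorted(RISKY_SCOPES & set(grant["scopes"].split()))
    if risky:
        reasons.append("mail access requested: " + ", ".join(risky))
    if reasons and not grant["publisher_verified"]:
        reasons.append("publisher is not verified")
    return reasons


# Constructed sample records with hypothetical field names, not tenant data.
SAMPLE_GRANTS = [
    {"app_name": "0365 access", "publisher_verified": False,
     "scopes": "openid Mail.Read MailboxSettings.ReadWrite"},
    {"app_name": "Contoso Timesheets", "publisher_verified": True,
     "scopes": "openid profile User.Read"},
    {"app_name": "Mail Archiver", "publisher_verified": True,
     "scopes": "Mail.Read offline_access"},
]


def flagged(grants):
    """Map app name to review reasons for every grant that has any."""
    return {g["app_name"]: review_grant(g) for g in grants if review_grant(g)}


if __name__ == "__main__":
    for name, why in flagged(SAMPLE_GRANTS).items():
        print(f"{name}: " + "; ".join(why))
```

A flagged grant is a prompt for review rather than proof of compromise: a legitimate mail client also requests mail scopes, which is why the verified-publisher field is reported alongside.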
