By Shannon Morse 

Microsoft disclosed last week that a phishing campaign was targeting organizations’ cloud environments by way of fake Microsoft Partner Network accounts using malicious OAuth apps. In its advisory, Microsoft explained that on December 15th it discovered an attacker impersonating real companies while enrolling in the Microsoft Cloud Partner Program (MCPP), which used to be called Microsoft Partner Network. The attacker used these fake accounts to add verified publisher OAuth app registrations created in Azure AD. Those apps were then used in attacks called “consent phishing campaigns,” which target users and trick them into granting permissions to the fraudulent apps.

Affected customers were alerted via email, and all fraudulent applications were disabled. Microsoft also took steps to improve the procedures for approving orgs into the MCPP.

By becoming a “verified publisher” with Microsoft, an org receives a blue checkmark by its name. In an attack, this can be incredibly deceptive, since the name of the org would be identical to legitimate ones, with the attackers even linking the TOS to legitimate sites. Proofpoint went into further detail on these attacks in its own advisory, posted on January 31.

They explain these attacks could impact orgs in a variety of ways, including data exfiltration, brand abuse, and delegating permissions over compromised mailboxes, calendars, and meetings.

Proofpoint and Microsoft recommended that orgs use caution when granting access to third-party OAuth apps, even if the apps look like they’re verified. Users can be restricted to consenting only to apps with low-risk permissions, and cloud environments should be proactively protected.
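
To make that recommendation concrete, here is an added example (not code from Microsoft, Proofpoint or this post) that triages consent grants by the scopes they request and deliberately ignores the verified badge. The sample records, their field names and the low-risk allowlist are assumptions made for the example.

```python
"""Triage OAuth consent grants by requested scope, not by publisher badge."""

# Assumption: the scopes this organisation treats as low risk for user consent.
LOW_RISK_SCOPES = {"openid", "profile", "email", "User.Read"}
# Delegated Microsoft Graph scope families covering mail, calendars and meetings.
SENSITIVE_PREFIXES = ("Mail.", "MailboxSettings.", "Calendars.", "OnlineMeetings.")

# Constructed sample records; field names are hypothetical, not a real export format.
SAMPLE_GRANTS = [
    {"app": "Example SSO Helper", "verified_publisher": True,
     "scopes": "openid profile User.Read"},
    {"app": "Example Meeting Add-in", "verified_publisher": True,
     "scopes": "User.Read Mail.Read Calendars.ReadWrite OnlineMeetings.Read"},
    {"app": "Example Notes Sync", "verified_publisher": False,
     "scopes": "User.Read Files.Read"},
]


def triage(grant):
    """Return a verdict for one grant based only on what it asks for."""
    scopes = set(grant["scopes"].split())
    beyond_low_risk = sorted(scopes - LOW_RISK_SCOPES)
    sensitive = [s for s in beyond_low_risk if s.startswith(SENSITIVE_PREFIXES)]
    if sensitive:
        verdict = "block"      # mailbox, calendar or meeting access requested
    elif beyond_low_risk:
        verdict = "review"     # outside the allowlist, needs an admin decision
    else:
        verdict = "allow"      # every requested scope is on the allowlist
    return {
        "app": grant["app"],
        "verdict": verdict,
        "flagged_scopes": beyond_low_risk,
        # True when a verified badge would otherwise have lent false confidence.
        "badge_ignored": grant["verified_publisher"] and verdict != "allow",
    }


def triage_all(grants):
    return [triage(g) for g in grants]


if __name__ == "__main__":
    for result in triage_all(SAMPLE_GRANTS):
        print(result)
```
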

LINKS:

https://msrc-blog.microsoft.com/2023/01/31/threat-actor-consent-phishing-campaign-abusing-the-verified-publisher-process/

https://www.bleepingcomputer.com/news/security/microsoft-disables-verified-partner-accounts-used-for-oauth-phishing/

https://thehackernews.com/2023/02/hackers-abused-microsofts-verified.html

https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
