All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter
Baker's Take· 2 sources

Fake Entra passkey enrollment calls target Microsoft 365 users in new vishing wave

By

Mr Bagel

· 3h ago

A threat actor linked to a known extortion operation is using voice phishing to trick Microsoft 365 users into enrolling a fraudulent Entra passkey, according to separate reports from BleepingComputer and a security researcher. The campaign impersonates legitimate IT security requests, directing victims to phishing sites that steal credentials and multi-factor authentication responses.

Fake Entra passkey enrollment calls target Microsoft 365 users in new vishing wave

BleepingComputer reported that the attackers call victims claiming they need to enroll a new passkey for Microsoft Entra, then route them to fake enrollment pages. The campaign targets organizations across multiple sectors, and after account takeover, the threat actor rapidly exfiltrates data from Microsoft services.

Security researcher hendryadrian.com tracked the activity to a group designated O-UNC-066, which is also associated with the Pink extortion operation. Okta attributed the campaign to this group, which uses vishing to bypass MFA protections.

"The attackers call victims claiming they need to enroll a new passkey, then direct them to phishing sites mimicking legitimate Entra enrollment pages to steal credentials and MFA responses."

This real-time credential theft allows the actor to immediately compromise accounts and move laterally within targeted Microsoft 365 environments. Both sources emphasize that the social engineering is sophisticated, using voice calls that sound urgent and official.

BleepingComputer noted that the threat actor's speed of data exfiltration after takeover is a key concern for defenders. The campaign underscores how attackers are adapting to authentication advances like passkeys by targeting the human enrollment process itself.

The reporting

2 outlets covered this story. Each links to the original.

0

Comments

Sign in to join the conversation.

No comments yet. Be the first.