First reported by BleepingComputer
Entra passkey enrollment vishing targets Microsoft 365 users
Vishing campaign uses fake Microsoft Entra passkey enrollment to target M365 users
A threat actor tracked as O-UNC-066 (linked to the Pink extortion operation) is using vishing (voice phishing) and fake Microsoft Entra passkey enrollment requests to target Microsoft 365 users. The attackers call victims claiming they need to enroll a new passkey, then direct them to phishing sites mimicking legitimate Entra enrollment pages to steal credentials and MFA responses. Okta attributes the campaign to this group, which targets multiple industries and rapidly exfiltrates data from Microsoft services after account takeover.
Key quotes
A threat actor is using vishing and fake Microsoft Entra passkey enrollment requests to trick Microsoft 365 users into handing over credentials and MFA responses.
Okta attributes the campaign to O-UNC-066, linked to the Pink extortion operation, which targets multiple industries and rapidly steals data from Microsoft services after account takeover.
The attacker calls users and claims they must enroll a new Microsoft Entra passkey.
Victims are sent to phishing sites that mimic the real Entra passkey enrollment
You might also wanna read
Entra passkey enrollment vishing targets Microsoft 365 users
BleepingComputer·4h ago
Fake IT support calls on Microsoft Teams push EtherRAT malware
bleepingcomputer.com·2d ago
Fake IT support calls on Microsoft Teams push EtherRAT malware
BleepingComputer·2d ago
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
thehackernews.com·1d ago
Microsoft Device Code Phishing Campaign Targets M365 Accounts
Cyber Web Spider Blog·1d ago
Scammers exploit Microsoft account loophole to send spam from legitimate internal email address
Scammers have been exploiting a loophole in Microsoft's system to send spam emails from an internal Microsoft email address that is normally

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
BleepingComputer·6d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.