Cyber: Microsoft Flags Multi-stage AitM Phishing and BEC Attacks Targeting...

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.

"The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness," the Microsoft Defender Security Research Team said. "The attack transitioned into a series of AitM attacks and follow-on BEC activity spanning multiple organizations."

As part of post-exploitation activity following the initial compromise, the unknown attackers have been found to leverage trusted internal identities belonging to the victim to carry out large-scale intra-organizational and external phishing, casting a wide net and widening the scope of the campaign.

The starting point of the attack is a phishing email likely sent from an email address belonging to a trusted organization, which was compromised beforehand. Abusing this legitimate channel, the threat actors sent out messages masquerading as SharePoint document‑sharing workflows to give it a veneer of credibility and trick recipients into clicking on phishing URLs.

Because services like SharePoint and OneDrive are widely used in enterprise environments and the emails originate from a legitimate address, they are unlikely to raise suspicion, allowing adversaries to deliver phishing links or stage malicious payloads. This approach is also called living-off-trusted-sites (LOTS), as it weaponizes the familiarity and ubiquity of such platforms to subvert email‑centric detection mechanisms.

In one case, Microsoft said the attacker initiated a large-scale phishing campaign involving more than 600 emails sent to the compromised user's contacts, both within and outside of the organization. The threat actors have also been observed deleting undelivered and out-of-office replies, and reassuring message recipients of the email's authenticity when they raised concerns. That correspondence is then deleted from the mailbox.

"These techniques are common in any BEC attacks and are intended to keep the victim unaware of the attacker's operations, thus helping in persistence," the Windows maker noted.
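The inbox-rule persistence described above leaves a footprint that defenders can triage: rules that hide bounces and out-of-office replies, park mail in rarely viewed folders, forward externally, or carry near-empty names. The check below is an added example, not Microsoft's detection logic or Defender code; the audit records are constructed, and the field names (RuleName, Parameters, MoveToFolder, ForwardTo, RedirectTo) are assumptions loosely modelled on Exchange inbox-rule audit data.

```python
"""Triage inbox-rule audit records for the hiding behaviour described in the article.
Added example with constructed data; field names are assumptions, not a real schema."""

# Words an attacker filters on to keep bounces, auto-replies and victim warnings out of sight.
HIDE_KEYWORDS = ("undeliverable", "out of office", "automatic reply", "phish", "suspicious", "hacked")
# Folders where hidden mail is commonly parked so the mailbox owner never sees it.
HIDE_FOLDERS = ("rss", "deleted items", "junk", "archive", "conversation history")


def rule_findings(rule):
    """Return the list of reasons one inbox-rule record looks suspicious (empty if none)."""
    p = rule.get("Parameters", {})
    findings = []
    # Condition side: what the rule matches on.
    text = " ".join(" ".join(p.get(k, [])) for k in ("SubjectContainsWords", "BodyContainsWords")).lower()
    if any(k in text for k in HIDE_KEYWORDS):
        findings.append("filters on bounce/OOO/security keywords")
    # Action side: how the rule makes mail disappear.
    if p.get("DeleteMessage") or p.get("MarkAsRead"):
        findings.append("deletes or marks as read")
    folder = str(p.get("MoveToFolder", "")).lower()
    if any(f in folder for f in HIDE_FOLDERS):
        findings.append("moves to hidden folder %r" % folder)
    tenant = "@" + rule["TenantDomain"].lower()
    fwd = p.get("ForwardTo") or p.get("RedirectTo") or []
    if any(not addr.lower().endswith(tenant) for addr in fwd):
        findings.append("forwards externally")
    # Blank or single-character names are a common trick to keep the rule unnoticed in the client.
    if len(rule.get("RuleName", "").strip()) <= 1:
        findings.append("rule name blank or single character")
    return findings


def triage(events):
    """Map 'user:rulename' to its findings for every record that triggered at least one check."""
    return {"%s:%s" % (e["UserId"], e["RuleName"]): f for e in events if (f := rule_findings(e))}


EVENTS = [  # constructed sample audit records, not real telemetry
    {"UserId": "alice@example.com", "TenantDomain": "example.com", "RuleName": ".",
     "Parameters": {"SubjectContainsWords": ["undeliverable", "out of office"],
                    "MoveToFolder": "RSS Feeds", "MarkAsRead": True}},
    {"UserId": "alice@example.com", "TenantDomain": "example.com", "RuleName": "Invoices",
     "Parameters": {"FromAddressContainsWords": ["invoices@example.com"], "MoveToFolder": "Finance"}},
    {"UserId": "bob@example.com", "TenantDomain": "example.com", "RuleName": "Backup",
     "Parameters": {"ForwardTo": ["bob.personal@mail.invalid"], "DeleteMessage": True}},
]

if __name__ == "__main__":
    for key, reasons in triage(EVENTS).items():
        print(key, "->", "; ".join(reasons))
```

Run against real audit exports, the same checks translate directly into a hunting query keyed on rule-creation events for the affected mailboxes.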

To that end, the company noted that it worked with customers to revoke multi-factor authentication (MFA) changes made by the attacker on the compromised user's accounts and delete suspicious rules created on those accounts. It's currently not known how

Source: The Hacker News