Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

Read full story on The Hacker News
Share
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
AI disclosure

Summary

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.