Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
Summary
Threat actors are using voice-based phishing attacks to trick Microsoft 365 users into enrolling fake passkeys for Microsoft Entra. This allows them to gain unauthorized access to Microsoft 365 accounts, which can then be used for data extortion.
IFF Assessment
FOE
This attack represents a new phishing technique that bypasses traditional authentication methods, making it harder for defenders to detect and prevent unauthorized access.
Defender Context
Defenders should be aware of this evolving phishing tactic that leverages social engineering and passkey enrollment as an attack vector. Training users to recognize and report suspicious requests, especially those involving voice calls and urgent requests for credential or passkey enrollment, is crucial.