Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

Summary

Threat actors are using voice-based phishing attacks to trick Microsoft 365 users into enrolling fake passkeys for Microsoft Entra. This allows them to gain unauthorized access to Microsoft 365 accounts, which can then be used for data extortion.

IFF Assessment

FOE

This attack represents a new phishing technique that bypasses traditional authentication methods, making it harder for defenders to detect and prevent unauthorized access.

Defender Context

Defenders should be aware of this evolving phishing tactic that leverages social engineering and passkey enrollment as an attack vector. Training users to recognize and report suspicious requests, especially those involving voice calls and urgent requests for credential or passkey enrollment, is crucial.

Read Full Story →