Hackers Abused Microsoft’s Verified Publisher OAuth Apps to Breach Corporate Email Accounts

On Tuesday, Microsoft announced that it had taken action to disable phony Microsoft Partner Network (MPN) accounts that were being used to build malicious OAuth applications as part of a criminal operation to infiltrate the cloud environments of enterprises and steal email.

The IT company claimed that the fraudulent actors “built applications that were subsequently deployed in a consent phishing campaign, which duped users into authorizing access to the phony apps.” “This phishing campaign primarily targeted clients in the United Kingdom and Ireland.”

Consent phishing is a type of social engineering assault in which users are persuaded to provide permission to malicious cloud applications read the complete article Hackers Abused Microsoft’s Verified Publisher OAuth Apps to Breach Corporate Email Accounts.

Subscribe to our email to stay up to date on the newest cybersecurity news.

Leave a Reply

Your email address will not be published. Required fields are marked *