The Atlanta Journal-Constitution
Phishing campaign hits Microsoft in 62 countries
Targeting businesses, recent emails capitalize on pandemic.
Microsoft Corp. customers were targeted in a massive phishing campaign that has sought to defraud users in 62 countries since December. Recently, the malicious emails have evolved to capitalize on the pandemic, according to Microsoft.
The attack “targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers,” Microsoft said Tuesday in a blog post. The campaign was vast, hitting millions of Microsoft Office 365 users with attempted hacks in a single week, the company said.
Microsoft was able to disrupt the scheme through a recent court ruling, which allowed the company to take over domains used by the cyber criminals and prevent them from being used for cyberattacks, according to the post.
The phishing attacks were executed by hackers who posed as employers and other trusted senders in emails that were sent to users of Office 365. The messages contained attachments that, when clicked, prompted users to grant access to a web application that resembled those “widely used in organizations.” However, in this case, the “familiar-looking” applications were malicious and granting access let cyber-attackers into users’ Office 365 accounts, according to the company.
“The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information,” the blog said.
In the early part of the hacking campaign, the attachments had titles related to standard business terms, such as “Q4 Report — Dec19.” However, the hackers recently renewed their phishing efforts using attachment names related to the pandemic, such as “COVID-19 Bonus,” according to Microsoft.
Coronavirus-themed phishing attacks have become so pervasive in recent months that the U.S. and U.K. governments warned about their growing use. For example, in March, the number of attempted phishing emails sent by criminals and state-linked actors more than quadrupled amid the spreading virus, the cybersecurity firm FireEye Inc. reported. And, this spring, a barrage of cyberscams and hacking attempts related to the virus hit remote workers as criminals sought to profit from the pandemic.