Hackers spoof new Azure AD and Microsoft 365 sign-in pages

Nefarious hackers waste no time spoofing new sign-in pages

Microsoft has discovered that hackers have been hard at work revamping their phishing campaigns to use the new Azure AD and Microsoft 365 sign-in pages. 

According to a tweet from the company: “Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns. We have so far seen several dozens of phishing sites used in these campaigns.”

The Azure AD sign-in experience underwent a redesign about three months ago, but the new sign-in pages didn’t roll out until the first week of April.

Microsoft intended the redesign to reduce bandwidth requirements when loading Azure AD sign-in pages. The new design also made it easier for potential victims to determine when an attacker with outdated phishing tools targeted them. Now, it appears hackers have updated their tools to include updated sign-in pages.

With their spoofed paged now up to date, hackers are back to their old tricks. By sending out emails with the subject line “Business Document Received,” hackers have tricked unsuspecting users into opening fake PDFs. For some recipients, opening these malicious PDFs leads them to the new Azure AD or Microsoft 365 sign-in pages.

Microsoft’s Security Intelligence team said of the spoofed pages: “Microsoft Threat Protection provides comprehensive protection against these threats. Office 365 ATP catches ever-changing threats by exposing and detecting malicious behavior using detonation and machine learning. Microsoft Defender ATP blocks malicious documents on endpoints.”

Microsoft has addressed the spoofed pages, but Azure AD and Microsoft 365 aren’t the only Microsoft products malicious actors have targeted. Just a few weeks ago, a series of phishing attacks used images from automated Microsoft Teams notifications to steal Office 365 credentials from unsuspecting users. The company’s Sway service was also recently impacted by a highly targeted spear-phishing campaign that’s since been dubbed PerSwaysion.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

The true story behind the IBM Personal Computer
Hardware

The true story behind the IBM Personal Computer

3 Dec 2021
Microsoft hit with formal complaint over "monopolistic" software bundling
collaboration

Microsoft hit with formal complaint over "monopolistic" software bundling

29 Nov 2021
Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

26 Nov 2021
Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
Access brokers are making it easier for ransomware operators to attack businesses
cyber security

Access brokers are making it easier for ransomware operators to attack businesses

1 Dec 2021