Hackers spoof new Azure AD and Microsoft 365 sign-in pages

Nefarious hackers waste no time spoofing new sign-in pages

Microsoft has discovered that hackers have been hard at work revamping their phishing campaigns to use the new Azure AD and Microsoft 365 sign-in pages. 

According to a tweet from the company: “Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns. We have so far seen several dozens of phishing sites used in these campaigns.”

The Azure AD sign-in experience underwent a redesign about three months ago, but the new sign-in pages didn’t roll out until the first week of April.

Microsoft intended the redesign to reduce bandwidth requirements when loading Azure AD sign-in pages. The new design also made it easier for potential victims to determine when an attacker with outdated phishing tools targeted them. Now, it appears hackers have updated their tools to include updated sign-in pages.

With their spoofed paged now up to date, hackers are back to their old tricks. By sending out emails with the subject line “Business Document Received,” hackers have tricked unsuspecting users into opening fake PDFs. For some recipients, opening these malicious PDFs leads them to the new Azure AD or Microsoft 365 sign-in pages.

Microsoft’s Security Intelligence team said of the spoofed pages: “Microsoft Threat Protection provides comprehensive protection against these threats. Office 365 ATP catches ever-changing threats by exposing and detecting malicious behavior using detonation and machine learning. Microsoft Defender ATP blocks malicious documents on endpoints.”

Microsoft has addressed the spoofed pages, but Azure AD and Microsoft 365 aren’t the only Microsoft products malicious actors have targeted. Just a few weeks ago, a series of phishing attacks used images from automated Microsoft Teams notifications to steal Office 365 credentials from unsuspecting users. The company’s Sway service was also recently impacted by a highly targeted spear-phishing campaign that’s since been dubbed PerSwaysion.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Microsoft launches new layered group policy feature
Microsoft Windows

Microsoft launches new layered group policy feature

5 Aug 2021
Microsoft suspends Windows 365 trials
Microsoft Windows

Microsoft suspends Windows 365 trials

4 Aug 2021
Google, Microsoft fight over documents in antitrust lawsuit
Policy & legislation

Google, Microsoft fight over documents in antitrust lawsuit

30 Jul 2021
Microsoft cracks down on sophisticated BEC scam campaign
scams

Microsoft cracks down on sophisticated BEC scam campaign

20 Jul 2021

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021