Hackers spoof new Azure AD and Microsoft 365 sign-in pages

Nefarious hackers waste no time spoofing new sign-in pages

Microsoft has discovered that hackers have been hard at work revamping their phishing campaigns to use the new Azure AD and Microsoft 365 sign-in pages. 

According to a tweet from the company“Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns. We have so far seen several dozens of phishing sites used in these campaigns.”

The Azure AD sign-in experience underwent a redesign about three months ago, but the new sign-in pages didn’t roll out until the first week of April.

Advertisement - Article continues below

Microsoft intended the redesign to reduce bandwidth requirements when loading Azure AD sign-in pages. The new design also made it easier for potential victims to determine when an attacker with outdated phishing tools targeted them. Now, it appears hackers have updated their tools to include updated sign-in pages.

With their spoofed paged now up to date, hackers are back to their old tricks. By sending out emails with the subject line “Business Document Received,” hackers have tricked unsuspecting users into opening fake PDFs. For some recipients, opening these malicious PDFs leads them to the new Azure AD or Microsoft 365 sign-in pages.

Microsoft’s Security Intelligence team said of the spoofed pages: “Microsoft Threat Protection provides comprehensive protection against these threats. Office 365 ATP catches ever-changing threats by exposing and detecting malicious behavior using detonation and machine learning. Microsoft Defender ATP blocks malicious documents on endpoints.”

Advertisement
Advertisement - Article continues below

Microsoft has addressed the spoofed pages, but Azure AD and Microsoft 365 aren’t the only Microsoft products malicious actors have targeted. Just a few weeks ago, a series of phishing attacks used images from automated Microsoft Teams notifications to steal Office 365 credentials from unsuspecting users. The company’s Sway service was also recently impacted by a highly targeted spear-phishing campaign that’s since been dubbed PerSwaysion.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Meet Azure Arc, a platform to simplify deployment management
Microsoft Azure

Meet Azure Arc, a platform to simplify deployment management

4 Nov 2019
How many call participants is too many?
video conferencing

How many call participants is too many?

7 Aug 2020
Trump’s demand for cut of TikTok sale could face legal challenge
social media

Trump’s demand for cut of TikTok sale could face legal challenge

5 Aug 2020
Microsoft tripled bug bounty payouts to $13.7m last year
vulnerability

Microsoft tripled bug bounty payouts to $13.7m last year

5 Aug 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020