Hacking: one of Microsoft's flagship services is under attack and you are not immune


Hackers have managed to get around Microsoft's two-factor authentication to access the American giant's messaging service. The massive phishing campaign has been going on since June and targets specific people and businesses.

A massive phishing campaign on Microsoft

The hacking campaign has been made public although it is still ongoing. The risk of attacks by other hackers is therefore real. Zscaler describes the procedure in detail.

The hack focuses on defeating two-factor authentication using an adversary-in-the-middle (AiTM) technique. The attacker interposes between the server and the client to divert the data and redirect the victim to the phishing site.

The information about the attack itself is not completely clear; it appears to be phishing via a malicious site, that is, a site that disguises itself to trick you into thinking it is the real one. The technique is very widespread, but seems to have evolved considerably in this case. Microsoft covered this technique on its blog in July 2022.

Everyone is in the crosshairs

The strength of this attack is that anyone can fall victim to it. Even a cautious person, who does not expect it, can be fooled. It is essential to remain very vigilant, especially if you are part of a large company. According to the researchers, hackers mainly attack professionals who use Outlook and Exchange.

The attack begins with a simple targeted email asking you to click on a link. This decoy email can imitate many types of services and is very well made. Thanks to this, the hacker can craft an even more convincing email to attack a larger number of people in the company.

The report includes a list of domain names often spoofed by this mass phishing campaign. One example is the Federal Credit Union, which was attacked using the emails of general managers. This implies that the hackers managed to compromise important addresses in order to carry more weight during the wider attack.

To avoid being unmasked by Microsoft, the hackers go through many redirections. The URLs are changed regularly so as not to be detected. To clone an official page, hackers use a copy of the site's source code, which is legal when it is not used for pecuniary gain.
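Seen from the defender's side, the redirect evasion described above can be hunted in web-proxy logs. The following is an added example, not taken from the article or from Zscaler's report: it rebuilds redirect chains and flags those with many cross-site hops that land on a Microsoft look-alike host. The log format, sample lines, allowlist and threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of genuine Microsoft sites; extend it for your own tenant.
LEGIT_SITES = {"microsoftonline.com", "live.com", "office.com", "microsoft.com"}
BRAND_TOKENS = ("microsoft", "outlook", "office", "o365")
MAX_CROSS_SITE_HOPS = 2  # assumed threshold, tune against your own traffic

# Constructed proxy records: client, status, requested URL, Location header ("-" if none).
SAMPLE_LOG = """\
10.0.0.7 302 https://mailer.example.net/t/abc https://cdn.example.org/r?u=1
10.0.0.7 302 https://cdn.example.org/r?u=1 https://go.example.com/x9
10.0.0.7 302 https://go.example.com/x9 https://outlook-signin.landing.example/login
10.0.0.7 200 https://outlook-signin.landing.example/login -
10.0.0.9 302 https://outlook.office.com/mail https://login.microsoftonline.com/common/oauth2/authorize
10.0.0.9 200 https://login.microsoftonline.com/common/oauth2/authorize -
"""

def site(host):
    """Crude registrable-domain guess (last two labels); use a public-suffix list in production."""
    return ".".join(host.split(".")[-2:])

def build_chains(log_text):
    """Group records into redirect chains by following each client's Location header."""
    open_chain, chains = {}, []
    for line in log_text.splitlines():
        client, status, url, location = line.split()
        chain = open_chain.get(client)
        if not chain or chain["next"] != url:  # this request does not continue the last redirect
            chain = {"client": client, "urls": [], "next": None}
            chains.append(chain)
            open_chain[client] = chain
        chain["urls"].append(url)
        chain["next"] = location if status.startswith("3") else None
    return chains

def assess(chain):
    """Return the findings for one chain: too many cross-site hops, look-alike landing host."""
    hosts = [(urlsplit(u).hostname or "").lower() for u in chain["urls"]]
    hops = sum(1 for a, b in zip(hosts, hosts[1:]) if site(a) != site(b))
    final, findings = hosts[-1], []
    if hops > MAX_CROSS_SITE_HOPS:
        findings.append(f"{hops} cross-site redirects")
    if site(final) not in LEGIT_SITES and any(t in final for t in BRAND_TOKENS):
        findings.append(f"look-alike landing host {final}")
    return findings

def suspicious_chains(log_text):
    """List (client, final URL, findings) for every chain with at least one finding."""
    return [(c["client"], c["urls"][-1], f) for c in build_chains(log_text) if (f := assess(c))]
```

Because the campaign rotates its URLs, the check relies on the shape of the chain and the landing host rather than on a fixed blocklist.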

France seems for the moment to be spared by the attack. On the other hand, there is more hacking activity in the United States, the United Kingdom, New Zealand and Australia. The sectors impacted are often very specialized, with FinTech in the lead. There are also banks, insurance companies and energy suppliers.
