CyberSecurity News
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
AI summary
A threat actor is targeting organizations across various sectors with fake security requests made via voice, aiming to trick Microsoft 365 users into enrolling a new Entra passkey. This tactic is part of a larger effort to carry out data extortion attacks. The threat actor, known as O-UNC-066, is using a phishing kit that can target the passkey enrollment process. The phishing kit is controlled through a panel, allowing the threat actor to manage their attacks. The goal of these attacks is to gain access to Microsoft 365 accounts.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

