Area 1 Security recently stopped a sophisticated Microsoft Office 365 credential harvesting campaign targeting C-suite executives, high-level assistants, and financial departments across numerous industries, including financial services, insurance, and retail. Further research and analysis of the activity revealed a much larger operation than originally discovered, including several additional, directly related credential phishing campaigns that targeted the same industries and positions. These campaigns used sophisticated techniques and advanced phishing kits to bypass Microsoft’s native email defenses and email authentication.
The campaigns, which began in early December and continued through February, targeted only select individuals at each company. Unlike the “spray and pray” method often seen with these types of cybercriminal-driven credential harvesting campaigns, this limited activity suggests a more targeted approach.