OAuth Application Used by Hackers for a Phishing Attack on Microsoft Exchange Servers


Thehackernewz

Uploaded on Sep 29, 2022

This article covers a phishing attack on Microsoft Exchange servers that hackers carried out using an OAuth application. Microsoft warned that a threat actor is taking control of Exchange servers using credential stuffing attacks and rogue OAuth applications.


Hello, friends and all cyber geeks, and welcome to the world of "the hacker newz". In today's article we discuss a phishing attack on Microsoft Exchange servers that hackers carried out using an OAuth application.

Microsoft Warns of Control Taken Over Exchange Servers via Rogue OAuth Applications

Microsoft warned that a threat actor is taking control of Exchange servers using credential stuffing attacks and rogue OAuth applications deployed on cloud tenants. The investigation revealed that the threat actor leveraged unsecured administrator accounts, which did not have MFA enabled, to gain initial access.

Microsoft also revealed that the threat actor gained access to cloud tenants hosting Microsoft Exchange servers through credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails.

"The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts that did not have multi-factor authentication (MFA) enabled and leveraged the unsecured admin accounts to gain initial access," said the Microsoft 365 Defender Research Team.

Compromise of the Exchange Servers Using an OAuth Application

The unauthorized access to the cloud tenant allowed the actor to create a malicious application that added an inbound connector in the email server.

The attacker then used the inbound connector, together with transport rules designed to help evade detection, to deliver the phishing emails through the compromised Exchange servers. Meanwhile, the OAuth application remained dormant for months between attacks until it was used again to add new connectors and rules before the next wave of attacks.

These email campaigns were triggered from Amazon SES and Mail Chimp email infrastructure, which is commonly used for sending marketing emails in bulk. The attacker used a network of single-tenant applications as an identity platform throughout the attack.

After the attack was detected, alerts were sent for all the applications linked to the network, along with recommended remediation measures, to all customers affected by the attack. Microsoft also confirmed that this threat actor has been linked to campaigns pushing phishing emails for many years.

The attacker was also observed sending high volumes of spam emails within short timeframes by other means, such as connecting to mail servers from rogue IP addresses or sending directly from legitimate cloud-based bulk email sending infrastructure.

"The actor's motive was to propagate deceptive sweepstakes spam emails designed to trick recipients into providing credit card details and signing up for recurring subscriptions under the guise of winning a valuable prize," Microsoft further revealed. "The scheme led to some unwanted charges for targets; there was no evidence of overt security threats such as credential phishing or malware distribution."

Thanks for reading. We hope you enjoyed the article. Follow The Hacker Newz on our social platforms, Twitter (thehackernewz) and LinkedIn (The Hacker Newz), for more exclusive content posted daily.

Source Link: https://thehackernewz.com/o-auth-application-taken-in-use-by-hackers-for-making-a-phishing-attack-on-exchange-server-of-microsoft/
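The pattern described above, an OAuth application that stays dormant for months and then adds new connectors and transport rules, can be hunted for in audit data. The sketch below is an added example, not from the original article or from Microsoft: the record fields, the sample events and the 30-day dormancy threshold are assumptions, and only the four Exchange Online cmdlet names are real.

```python
from datetime import datetime, timedelta

# Exchange Online cmdlets that create or modify inbound connectors and transport rules.
MAIL_FLOW_OPS = {"New-InboundConnector", "Set-InboundConnector",
                 "New-TransportRule", "Set-TransportRule"}
DORMANCY = timedelta(days=30)  # assumed threshold, tune per tenant

# Constructed, simplified audit records (hypothetical field names, not a real export schema).
SAMPLE_EVENTS = [
    {"time": "2022-01-10T08:00:00", "actor": "app:00000000-example",
     "actor_type": "application", "operation": "New-InboundConnector"},
    {"time": "2022-01-10T08:01:00", "actor": "app:00000000-example",
     "actor_type": "application", "operation": "New-TransportRule"},
    {"time": "2022-02-03T10:00:00", "actor": "admin@contoso.example",
     "actor_type": "user", "operation": "Set-TransportRule"},
    {"time": "2022-05-20T09:00:00", "actor": "app:00000000-example",
     "actor_type": "application", "operation": "New-InboundConnector"},
]

def find_suspicious_changes(events, dormancy=DORMANCY):
    """Flag mail-flow changes made by application identities.

    Each finding carries a reason: first activity ever seen for the app,
    activity after a dormant gap, or a change inside an active burst.
    """
    last_seen = {}   # actor -> datetime of its previous event of any kind
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        previous = last_seen.get(ev["actor"])
        last_seen[ev["actor"]] = when
        if ev["operation"] not in MAIL_FLOW_OPS or ev["actor_type"] != "application":
            continue  # interactive admin changes are reviewed separately
        if previous is None:
            reason = "first activity by this application"
        elif when - previous >= dormancy:
            reason = f"application dormant {(when - previous).days} days"
        else:
            reason = "application changing mail flow"
        findings.append((ev["time"], ev["actor"], ev["operation"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_changes(SAMPLE_EVENTS):
        print(" | ".join(finding))
```

Any application identity that touches connectors or transport rules deserves review in most tenants; the dormancy reason simply ranks the reactivation case the article describes at the top.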