Microsoft Discovers Recent Phishing As-a-Service Scheme Targeting 300,000 Subdomains
3 min read
A phishing as-a-service operation was spotted by Microsoft in 300,000 compromised subdomains. How does this attack work?
Microsoft's latest discovery about phishing reveals an unusual as-a-service operation that makes use of phishing kits for cloud services.

The tech giant's cybersecurity team said that there are different services that the hackers use, including email delivery and fake login pages.

Microsoft Uncovers As-a-Service Phishing Operation

According to a blog post by the Microsoft 365 Defender Threat Intelligence Team, the attackers depend on the malicious pages and links that are sent to the victims.

The cybercriminals will inject malicious software into the system to steal important credentials from the user.

What's unique about this phishing attack is the fact that the untested stolen credentials are directed to the hackers. This means that despite not gaining access to the system, the hackers could still carry out the operations.

Many businesses nowadays have an established domain for their pages. Most importantly, they have created login pages for the ease of user's access to the website.

The phishing-as-a-service operation has reportedly hit the cloud services, such as OneDrive, Google Docs, American…
Joseph Henry
Read full article