Microsoft has sunk a massive Office 365 email hijacking campaign

News
By published

Second major BEC campaign uncovered in as many months

cyber security
(Image credit: Pixabay)

Researchers at Microsoft 365 Defender have dismantled the cloud computing infrastructure that was used to orchestrate a large-scale business email compromise (BEC) campaign.

In a joint blog post, Stefan Sellmer, from Microsoft 365 Defender Research Team, and Nick Carr, from Microsoft Threat Intelligence Center (MSTIC) share details about the malicious cloud infrastructure that was spread across multiple web services.

The cybersecurity researchers shared that the campaign compromised mailboxes using phishing and forwarding rules, with the intention of getting their hands on emails about financial transactions.

“This investigation also demonstrates how cross-domain threat data, enriched with expert insights from analysts, drives protection against real-world threats, both in terms of detecting attacks through products like Microsoft Defender for Office 365, as well as taking down operations and infrastructures,” write the researchers.

This campaign comes on the heels of another similarly comprehensive, but poorly executed BEC campaign that used over a hundred typo-squatted domains.

Stealth attacks

Microsoft’s analysis revealed that the attackers relied on a robust cloud infrastructure to automate their operations at scale. 

The attackers also found a way around the use of multi-factor authentication (MFA) by exploiting legacy protocols such as POP3/IMAP, which the targets had forgotten to disable.

Unraveling the attack vectors in this BEC attack, the researchers note that the campaign goes to show the stealthy nature of email-based campaigns that blend into legitimate traffic.

The researchers also used the opportunity to show some of the mechanisms built into Office 365, which help it defend users against such BEC campaigns, including the use of Artificial Intelligence (AI) to detect anomalous behavior.

They conclude by stressing on the importance of framing a comprehensive defense strategy, which includes both pre-breach and post-breach steps of action.

Via BleepingComputer

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A padlock resting on a keyboard.
Massive botnet is targeting Microsoft 365 accounts across the world
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
More about security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Broadcom warns of worrying security flaws affecting VMware tools
URL phishing

HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Xbox Series X and Xbox wireless controller set to a green background

Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
See more latest
Most Popular
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
Render of a new RTX 4000 Max-Q gaming laptop.
I can't say I'm surprised, but Nvidia's RTX 5090 laptop GPU has a big performance leap over its predecessor, according to early benchmarks
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Quick move in Civ 7.
Sid Meier's Civilization 7 update 1.1.1 is here and it finally adds a setting that I've wanted since day one
A green claw wraps around the carcass of a monster
Is Lagiacrus coming to Monster Hunter Wilds? Some fans are convinced, and here's why
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI