Office 365 phishing attacks targets admin accounts

News
By
published

Admin accounts are a gold mine for hackers as they have elevated privileges and control over other users

hacker targeting a PC
(Image credit: Shutterstock)

A new phishing campaign has been discovered by PhishLabs in which hackers try to compromise Microsoft Office 365 administrator accounts.

According to the cybersecurity firm, the threat actors behind the campaign delivered a phishing lure that impersonated Microsoft and its Office 365 brand. However, to make their lure appear more legitimate, the cybercriminals used multiple validated domains that did not belong to the software giant including one domain that belonged to an educational institute.

Victims who clicked on the link in the phishing emails were presented with a spoofed login for Office 365 where the hackers would harvest their user credentials.

PhishLabs observed that a wide variety of enterprises and industries were targeted by the campaign which means that those behind it were not targeting any specific companies or industries.

Administrator accounts

There are several reasons why the threat actors targeted administrative credentials including the fact that Office 365 admins have administrative control over all email accounts on a domain.

Depending on how Office 365 is configured by an organization, a compromised admin account could allow an attacker to retrieve user emails or even completely takeover other email accounts on the domain. Office 365 admins also often have elevated privileges on other systems within an organization and this could potentially allow for other systems to be compromised via password reset attempts or by abusing single-sign-on systems.

By compromising an admin account, attackers can also create new accounts within an organization to abuse single-sign-on systems or they could leverage the reputation of a compromised domain in order to launch a new wave of attacks.

During the campaign discovered by PhishLabs, the attackers were able to gain some level of administrative control over the sender's Office 365 installation. After this they created a new account which was used to distribute the campaign and this technique is often employed by hackers to further avoid detection.

To avoid falling victim to this latest phishing campaign, PhishLabs recommends that users avoid opening suspicious emails with the subject line “Re: Action Required!” or “Re: We placed a hold on your account”.

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Latest in News
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up
Hospital
Major Oracle outage hits US Federal health record systems
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
More about security
healthcare

Software bug meant NHS information was potentially “vulnerable to hackers”
Bluetooth

Top Bluetooth chip security flaw could put a billion devices at risk worldwide
A toy Amazon Echo next to the Alexa Plus logo and a range of Echo devices

What is Alexa+: Amazon’s next-generation assistant is powered by generative-AI
See more latest
Most Popular
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Michelle and Kid Cosmo watching a video projected onto a screen in Netflix's The Electric State movie
'We could not achieve that with puppetry or animatronics': Joe and Anthony Russo didn't want to build real-life robots for The Electric State for two big reasons
Workers at computers in an office
Cybersecurity workers aren't massively happy with their employers - but they are being paid pretty well
Nvidia logo on a dark background
Nvidia's GeForce graphics driver woes continue for some users, despite 572.75 hotfix's overclock and black screen promises
Garmin Fenix 8 AMOLED watch on wrist
Garmin owners were confused about 13.35 software update for Fenix 8, here's what actually happened
An AI face in profile against a digital background.
Worried about DeepSeek? Well, Google Gemini collects even more of your personal data
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are