Posted on 07/07/2020 6:27:40 PM PDT by dayglored
Hackers used malicious Office 365 apps to gain access to customer accounts, which they later used to orchestrate BEC attacks.
Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures.
According to court documents obtained by ZDNet, Microsoft has targeted a phishing group that has been targeting the company's customers since December 2019.
The phishers operated by sending emails to companies that hosted email servers and enterprise infrastructure on Microsoft's Office 365 cloud service.
The emails were spoofed to look like they came from fellow employees or a trusted business partner. This particular phishing operation was unique because attackers didn't redirect users to phishing sites that mimicked the Office 365 login page.
Instead, hackers touted an Office document. When users tried to open the file, they were redirected to install a malicious third-party Office 365 app created by the hackers...
(Excerpt) Read more at zdnet.com ...
Credit where it’s due.
Another reason I’ll never use Win 10.
Now track down the hackers and beat them to within an inch of their lives... and when as they recover let them know we are going to do it again and again.
While I appreciate the shut down of illegal activity, I am wondering what legal principle allows the domains to be awarded to Microsoft as opposed to being taken over by the government.
Next thing that happens is that they will catch the perps and lend them to Microsoft where they will be chained to a desk, fed only junk food and coffee, and forced to code for the rest of their lives.
>>including in campaigns that leveraged COVID-19 lures
I don’t get my CV19 information from Microsoft or any corporation or accept such “advice” unsolicited.
But these days Fakebook, aPple, etc all want to be your friend and your source of health updates. For your own good.
LMAO! Need some context here. Otherwise your response just comes across as kneejerk anti-MS FUD.
"Awarded" to Microsoft? There's no government control of the domain naming system. ICANN oversees everything related to domain naming. Microsoft made both a technical and legal case to ICANN to overtake these domain names.
It's no different than if an organization sues a scammer who buys a domain with 1 letter different from the legitimate business and tries to masquerade as them. Think WhiteHouse.com from a few years ago.
Okay then....
Sounds to me like you work for Microsoft. As far as I’m concerned, that’s the only reason you would respond that way.
I don’t want Microsoft to see what I’m doing, what music I listen to, or have my settings reset on a regular basis due to their “updates” which regularly break something.
The article was about Microsoft seizing fraudulent websites. What does that have to do with your anti-Win10 comment?
I meant to post that in another thread about Win 10.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.