Hackers spoof new Azure AD and Microsoft 365 sign-in pages

Nefarious hackers waste no time spoofing new sign-in pages

Microsoft has discovered that hackers have been hard at work revamping their phishing campaigns to use the new Azure AD and Microsoft 365 sign-in pages. 

According to a tweet from the company: “Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns. We have so far seen several dozens of phishing sites used in these campaigns.”

The Azure AD sign-in experience underwent a redesign about three months ago, but the new sign-in pages didn’t roll out until the first week of April.

Microsoft intended the redesign to reduce bandwidth requirements when loading Azure AD sign-in pages. The new design also made it easier for potential victims to determine when an attacker with outdated phishing tools targeted them. Now, it appears hackers have updated their tools to include updated sign-in pages.

With their spoofed paged now up to date, hackers are back to their old tricks. By sending out emails with the subject line “Business Document Received,” hackers have tricked unsuspecting users into opening fake PDFs. For some recipients, opening these malicious PDFs leads them to the new Azure AD or Microsoft 365 sign-in pages.

Microsoft’s Security Intelligence team said of the spoofed pages: “Microsoft Threat Protection provides comprehensive protection against these threats. Office 365 ATP catches ever-changing threats by exposing and detecting malicious behavior using detonation and machine learning. Microsoft Defender ATP blocks malicious documents on endpoints.”

Microsoft has addressed the spoofed pages, but Azure AD and Microsoft 365 aren’t the only Microsoft products malicious actors have targeted. Just a few weeks ago, a series of phishing attacks used images from automated Microsoft Teams notifications to steal Office 365 credentials from unsuspecting users. The company’s Sway service was also recently impacted by a highly targeted spear-phishing campaign that’s since been dubbed PerSwaysion.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers
Security

CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers

4 Mar 2021
Microsoft doubles down on zero trust security policies
enterprise security

Microsoft doubles down on zero trust security policies

2 Mar 2021
Microsoft Azure Percept promises to make edge computing a doddle
Microsoft Azure

Microsoft Azure Percept promises to make edge computing a doddle

2 Mar 2021
Microsoft takes on Slack with new Teams Connect feature
communications

Microsoft takes on Slack with new Teams Connect feature

2 Mar 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021