Ongoing campaign has kept the Office 365 security team on its toes for some time.
Cybersecurity researchers at Microsoft have shared extensive details about a long-running highly evasive spear- phishing campaign that has targeted Office 365 customers since at least July 2020. In a blog post, the Microsoft 365 Defender Threat Intelligence Team shares that the campaign began with the objective of harvesting usernames, and passwords, but has since moved on to collate other information such as IP addresses and the location of its victims, which the attackers supposedly use in later infiltration attempts. “This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” the researchers note.
