The attack “targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and re-direct wire transfers,” Microsoft said in a blog post. The campaign was vast, hitting millions of Microsoft Office 365 users with attempted hacks in a single week, the company said.
Microsoft was able to disrupt the scheme through a recent court ruling, which allowed the company to take over domains used by the cyber criminals and prevent them from being used for cyber-attacks, according to the post.
The phishing attacks were executed by hackers who posed as employers and other trusted senders in emails that were sent to users of Office 365. The messages contained attachments that, when clicked, prompted users to grant access to a web application that resembled those “widely used in organizations.” However, in this case, the “familiar-looking” applications were malicious and granting access let cyber-attackers into users’ Office 365 accounts, according to the company.
“The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information,” the blog said.
In the early part of the hacking campaign, the attachments had titles related to standard business terms, such as “Q4 Report – Dec19.” However, the hackers recently renewed their phishing efforts using attachment names related to the pandemic, such as “COVID-19 Bonus,” according to Microsoft.
Coronavirus-themed phishing attacks have become so pervasive in recent months that the U.S. and U.K. governments warned about their growing use. For example, in March, the number of attempted phishing emails sent by criminals and state-linked actors more than quadrupled amid the spreading virus, the cybersecurity firm FireEye Inc. reported. And, this spring, a barrage of cyberscams and hacking attempts related to the virus hit remote workers as criminals sought to profit from the pandemic.
Microsoft declined to say how many users were sent phishing emails by the attackers, or how many of those emails succeeded in tricking users into opening their malicious payload. The company also didn’t comment on potential suspects for the phishing campaign, beyond ruling out the possibility that the criminals were sponsored by a nation state.