On Tuesday, Microsoft and cybersecurity firm Proofpoint warned that a threat actor had recently abused Microsoft’s verified publisher status to launch a campaign involving malicious OAuth applications. The warning stated that organizations using cloud services should be aware of the campaign, especially those in Ireland and the UK. Microsoft has already taken measures to stop the operation and released an article detailing how organizations can protect themselves.
Microsoft is referring to the campaign as ‘consent phishing,’ a type of attack where the threat actor seeks to trick targets into granting permissions. Once the permissions are obtained, the malicious apps gain access to cloud services and user data. The verified publisher status helps lend the threat actors legitimacy and increase their chances of being successful. Microsoft stated that the attackers impersonated legitimate companies when enrolling in its Microsoft Cloud Partner Program.
Read More: Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
