image credit: Adobe Stock

Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts

February 1, 2023

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations’ cloud environments and steal email.

“The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps,” the tech giant said. “This phishing campaign targeted a subset of customers primarily based in the U.K. and Ireland.”

Read More on The Hacker News