New phishing kits target Microsoft 365 accounts, evade MFA
ID: 65bbd624-ecb4-5419-a64b-b6b16892459b
STIX ID: report--65bbd624-ecb4-5419-a64b-b6b16892459b
Feed Name: Bleeping Computer
Researchers at ReliaQuest analyzed two phishing kits—Jalisco, which automates Microsoft OAuth device-code phishing to authorize attacker-controlled devices, and OmegaLord, which poses as a PDF reader to steal credentials and phone numbers—both engineered to bypass MFA, enable account takeover, rapidly exfiltrate SaaS/SharePoint data, and facilitate extortion; recommended mitigations include tightening device-registration limits, blocking device-code authentication in conditional access, and auditing app registrations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
