This Microsoft 365 spear-phishing campaign has been running riot for over a year

Campaign shows the worst kind of modern email threat, says Microsoft

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers atMicrosofthave shared extensive details about a long-running highly evasive spear-phishingcampaign that has targetedOffice 365customers since at least July 2020.

In ablog post, theMicrosoft 365Defender Threat Intelligence Team shares that the campaign began with the objective of harvesting usernames, and passwords, but has since moved on to collate other information such as IP addresses and the location of its victims, which the attackers supposedly use in later infiltration attempts.

“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” the researchers note.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Since the campaign includes various details about the targets, such as their email address and company logo to appear genuine, Microsoft believes the attackers had garnered these details during an earlier reconnaissance exercise.

Constantly evolving threat

The security researchers note that this campaign is also a prime example of how email-based attacks continue to make novel attempts to bypassemail securitysolutions.

For instance, to keep the security teams on their toes, the attackers changed obfuscation and encryption mechanisms every 37 days on average.

This campaign uses multilayer obfuscation and encryption mechanisms for known existing file types, such asJavaScript, as well as multilayer obfuscation inHTMLto evade browser security solutions.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments,” share the researchers, noting that some of the code segments of the campaign reside in various open directories and are called by encoded scripts.

Comparing it to a jigsaw puzzle, the researchers noted that the pieces of the campaign appear harmless individually, and only reveal their sinister intent once they are combined.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Latest Google Pixel update includes surprise launch of Android 15’s best battery feature