Multiple reports describe a cyber extortion campaign in which attackers use vishing (voice phishing) to trick employees into enrolling a fake Microsoft Entra passkey. The process begins with a call to the target in which the attacker poses as IT personnel and claims it is time to set up a passkey. According to the accounts, the attacker then directs the victim to a specific web location associated with passkey enrollment, where the interaction is designed to appear legitimate. Okta identifies the activity as being carried out by a threat actor tracked as O-UNC-066, and one outlet links it to the “Pink” extortion crew. The described technique centers on manipulating the Entra passkey enrollment workflow so that the attacker can gain account access rather than solely stealing credentials. After the enrollment process is completed, the attacker is able to take over Microsoft 365 accounts. The Hacker News and Help Net Security both describe the campaign’s broader motivation as data extortion, with the aim of using access to the compromised accounts to pressure victims. The reports also note that the tooling supporting the scheme includes a passkey-focused phishing kit that is controlled via an attacker-controlled panel.
Attackers use fake Entra passkey enrollment to hijack Microsoft 365 accounts
Multiple reports describe a cyber extortion campaign in which attackers use vishing (voice phishing) to trick employees into enrolling a fake Microsoft Entra passkey. The process begins with a call to...
- Attackers use vishing calls that impersonate IT to prompt employees to enroll an Entra passkey.
- The scheme targets the Microsoft Entra passkey enrollment process to obtain access to Microsoft 365 accounts.
- Reports describe phishing infrastructure that presents the enrollment steps as legitimate while attackers complete takeover activity.
- Okta tracks the activity under the identifier O-UNC-066, and at least one outlet attributes it to the “Pink” extortion crew.
- The reported end goal is account access used for extortion or pressure involving data.
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The
4 hours agoThe Pink cyber extortion crew is tricking employees into giving them access to their Microsoft 365 accounts by faking Entra passkey enrollment requests. The attack The attack starts with a vishing call to an employee. The caller poses as IT and says it’s time to set up a passkey. Everything after that is theater, built to keep the victim occupied while the attacker finalizes everything. The attackers instruct the target to visit a subdomain that … More → The post Extortion crew hijacks Microsoft 365 accounts via fake passkey setup appeared first on Help Net Security.
1 day ago
Rumors suggest Galaxy Z Flip 8 could be Samsung’s last compact clamshell foldable
Multiple reports say a new leak points to Samsung potentially ending its compact clamshell foldable lineup after the Gal...
Palak Purswani marries Rohan Khanna at Isha Yoga Centre in Coimbatore
Television actress Palak Purswani, a contestant from Bigg Boss OTT Season 2, marries marketing professional Rohan Khanna...
MiniMax CEO says he will take no salary until AGI as company raises about $2 billion
MiniMax’s CEO, Yan Junjie, tells the company’s employees he will not take a salary until artificial general intelligence...