Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5

A very busy six months for Redmond's Digital Crimes Unit

Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks.

The Windows giant obtained an order from US courts allowing it to seize domains being used for phishing, having first spotted the miscreants doing their thing in December 2019.

“Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts,” said the mega-corp in a blog post this week.

Having KO’d them back then through unspecified “technical means to block the criminals’ activity and disable the malicious application used in the attack,” Redmond’s people observed them setting up again to try business email compromise attacks with a coronavirus theme.

The phishing lures included bait text such as “COVID-19 Bonus,” said Microsoft. Upon clicking links provided in the phishing emails, victims were sent to a web app demanding extra permissions. Once armed with this elevated access, the web app would then access the victims' Office 365 accounts.

“This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” said Microsoft.
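The scheme Microsoft describes is OAuth consent phishing: the victim never types a password, they simply click "Accept" on a permissions prompt, and the attacker's registered app then holds a token for the mailbox. The defensive counterpart is to review what apps users have consented to and which scopes they were granted. The script below is an added example, not Microsoft's code or anything from the blog post: it triages constructed consent-grant records and flags the ones a tenant admin should revoke. The record fields (`app_name`, `publisher_verified`, `scopes`, `consented_by`) are assumed for the example and loosely mirror an Entra ID consent audit event rather than any real API schema; the scope names are genuine Microsoft Graph delegated permissions, but the risk weighting is this example's own judgement.

```python
# Added example: triage of OAuth app consent grants to spot consent phishing.
# Record shape is constructed for this example and is NOT a real API schema;
# adapt the field names to whatever your tenant's audit export produces.
from dataclasses import dataclass, field
from typing import List

# Delegated Graph scopes that let a third-party app read, send or alter a
# user's mail, contacts and files. Real permission names; example weighting.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.ReadWrite.All", "Contacts.Read", "MailboxSettings.ReadWrite",
}
# offline_access yields a refresh token, so access outlives the phishing session.
PERSISTENCE_SCOPE = "offline_access"


@dataclass
class ConsentGrant:
    app_name: str
    publisher_verified: bool   # has the publisher passed Microsoft's verification?
    scopes: List[str]
    consented_by: str          # user principal who clicked "Accept"
    reasons: List[str] = field(default_factory=list)


def assess_grant(grant: ConsentGrant) -> str:
    """Return 'high', 'medium' or 'low' and record the findings in grant.reasons."""
    grant.reasons.clear()
    risky = HIGH_RISK_SCOPES.intersection(grant.scopes)
    if risky:
        grant.reasons.append(f"mailbox/file scopes: {', '.join(sorted(risky))}")
    if PERSISTENCE_SCOPE in grant.scopes:
        grant.reasons.append("offline_access requested (refresh token, persistent access)")
    if not grant.publisher_verified:
        grant.reasons.append("publisher not verified")

    # Unverified publisher plus mailbox access is the consent-phishing signature.
    if risky and not grant.publisher_verified:
        return "high"
    if risky or PERSISTENCE_SCOPE in grant.scopes:
        return "medium"
    return "low"


def flag_risky_grants(grants: List[ConsentGrant]) -> List[str]:
    """Names of apps whose consent grant should be reviewed or revoked."""
    return [g.app_name for g in grants if assess_grant(g) == "high"]


# Constructed sample consent events, not real tenant data.
SAMPLE_GRANTS = [
    ConsentGrant("Contoso Expense Viewer", True,
                 ["User.Read", "profile"], "alice@example.com"),
    ConsentGrant("COVID-19 Bonus Portal", False,
                 ["User.Read", "Mail.Read", "Mail.Send", "offline_access"],
                 "bob@example.com"),
    ConsentGrant("Team Calendar Sync", True,
                 ["Calendars.ReadWrite", "offline_access"], "carol@example.com"),
]

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        level = assess_grant(g)
        findings = "; ".join(g.reasons) or "no findings"
        print(f"{level.upper():6} {g.app_name} ({g.consented_by}): {findings}")
```

Running it marks only the constructed "COVID-19 Bonus Portal" grant as high risk: an unverified publisher asking for `Mail.Read`, `Mail.Send` and `offline_access` is exactly the combination that lets an app read and send from a mailbox indefinitely without ever seeing a password. A tenant that restricts user consent to verified publishers and low-impact permissions, routing everything else through an admin consent workflow, removes the click-to-compromise path this campaign relied on.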

Redmond has not shied away from legal action over the years, the most high-profile sueball being its ongoing case against the American government to stop agents helping themselves to non-US customer data stored on non-US-based Microsoft servers. It’s also suing Uncle Sam for the right to tell customers when American spies are trawling through data stored on Microsoft services.

Further back in time, MICROS~1 has sued dodgy resellers, operators of alleged monopolies (stop laughing at the back), Google and, at the dawn of time, British Hotmail spammers. ®


Biting the hand that feeds IT © 1998–2022