• Microsoft Accounts Targeted

    #2428859

    …by Russian-themed credential harvesting!

    Ref: https://threatpost.com/microsoft-accounts-targeted-russian-credential-harvesting/178698/

    Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalize on the Ukrainian crisis… /

    …Phishing emails to Microsoft users warning of Moscow-led account hacking have started to make the rounds, looking to lift credentials and other personal details… /

    …That’s according to Malwarebytes, which uncovered a spate of spam email that name-checks Russian hacking efforts.

    No problem can be solved from the same level of consciousness that created IT- AE
    • #2428864

      I wonder what might be going on with Macs and Linux: smaller targets, true, but not insignificant. And some are in big business and government offices, including their servers and — of course, their stuff out in the “Cloud.” I believe this to be particularly so in Western Europe.

      I also wonder if this is coming from some outfit of the Russian government, or is just the usual freelancers taking advantage of confusion to have a go at the big fish and random home users.

      There is an old Spanish saying: “A río revuelto, ganancia de pescadores” (in a turbulent river, big gain (or catch) for fishers), and this particular río is well and truly revuelto, amigo.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2429053

        Nothing to do with the OS / machine manufacturer, these are phishing emails designed to harvest account info.

        cheers, Paul

    • #2428896

      For all critical accounts, Microsoft or otherwise, I strongly recommend enabling Multi-Factor Authentication (preferably via YubiKey, or Duo or Authy type apps, or at least SMS if no other method available.)

      I’m a big fan of the free-to-use (for personal use) Authy system. It’s one of the few that allows you to sync your one-time key generators with multiple devices and is compatible with Microsoft personal accounts, work and school accounts, Gmail, and many, many other systems.

      SMS code delivery is better than no MFA at all, but has weaknesses related to hostile SIM swapping.

      ~ Group "Weekend" ~

    • #2428914

      Today I got a similar mobile message from “PayPal” about “unusual sign-on activity”.
      Deleted immediately.

    • #2429139

      And I am still wondering if this is coming from some outfit of the Russian government, or from freelancers taking advantage of the current situation. This distinction matters.


      • #2429163

        My bet is the latter, but we will never know.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

    • #2429280

      This distinction matters

      No it doesn’t, all spam phishing attempts should be treated with the contempt they deserve and marked as spam.

      cheers, Paul

      • #2429398

        The distinction is between a Russian government sponsored attack on targets in other countries, and some freelancer, or freelancers, trying to make money in some nasty way out of Internet users’ carelessness, naïveté, or plain bad luck, when receiving a spiked email or browsing a spiked Website. I think that a Russian attack is a more serious problem, so there is a distinction that way, and it is one that matters.


        • #2429401

          How do freelancers IN Russia rate on your sliding scale of scammer nastiness? Siphoning blackmail proceeds to Russia is not so bad as long as it’s not government-run?


          • #2429408

            It’s a geopolitical issue: a country government attacking other countries, not some shady characters who maybe, who knows, might be helping, in this case, Russian interests while having nothing to do with its regime. Which is what I mean by “freelancers.”

            And it is one reason to doubt that, if it is freelancers, they are doing this on Russia’s behalf. They might, but I don’t think it is likely: freelancers like to be “free” of political entanglements.

            Could I be wrong? Yes: I am not living in Putin’s pocket, so based on the very limited information at my disposal, I assume it is possible, but unlikely.


            • #2429937

              Consider that perhaps freelancers have remained ‘free’ because it is in Putin’s interest to have them do what they do with a bit of plausible deniability.

              🍻

              Just because you don't know where you are going doesn't mean any road will get you there.
            • #2429968

              Letting them? Maybe. Making them? I doubt it, unless they are inside Russia, in which case they are no longer “free” lancers.

