Entra passkey enrollment vishing targets Microsoft 365 users

Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor is using vishing and fake Microsoft Entra passkey enrollment requests to trick Microsoft 365 users into handing over credentials and MFA responses. Okta attributes the campaign to O-UNC-066, linked to the Pink extortion operation, which targets multiple industries and rapidly steals data from Microsoft services after account takeover. #MicrosoftEntra #Microsoft365 #O-UNC-066 #Pink #TheCom

Keypoints

  • The attacker calls users and claims they must enroll a new Microsoft Entra passkey.
  • Victims are sent to phishing sites that mimic the real Entra passkey enrollment portal.
  • The kit is an operator-controlled PHP panel that adapts to different MFA methods in real time.
  • Okta tracks the activity as O-UNC-066, linked to the Pink extortion operation.
  • Pink targets multiple sectors and quickly exfiltrates data from SharePoint and OneDrive.

Read More: https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/