Okta says a vishing campaign tracked as O-UNC-066, also known as CL-CRI-1147 and Pink, is targeting organizations across multiple sectors to steal Microsoft 365 credentials through fake Microsoft Entra ID passkey enrollment pages. The operator-controlled phishing kit uses real-time interaction and attacker-controlled passkey registration to take over accounts and enable data extortion against victims in industries including automotive, aviation, healthcare, and technology. #O-UNC-066 #CL-CRI-1147 #Pink #MicrosoftEntraID #Microsoft365
Keypoints
- The campaign began in April and uses voice calls to lure victims.
- Victims are sent to fake Microsoft Entra ID login pages.
- The attackers pretend the user must register a new passkey.
- The phishing kit is operator-controlled and adapts in real time.
- Targeted sectors include automotive, aviation, healthcare, and technology.
Read More: https://www.securityweek.com/okta-warns-of-vishing-attacks-targeting-microsoft-365-customers/