A Russian threat actor, UTA0355, conducts targeted phishing campaigns impersonating international security events to steal Microsoft 365 credentials. The group employs advanced social engineering tactics and manipulates OAuth workflows, leveraging compromised accounts for increased trust. #UTA0355 #BelgradeSecurityConference #BrusselsIndoPacificDialogue #MicrosoftOAuth
Keypoints
- UTA0355 creates realistic fake websites for high-profile conferences to deceive victims.
- The group uses a patient, personalized approach, building rapport before sending phishing links.
- Attacks exploit Microsoft's OAuth workflows to obtain persistent access tokens without stealing passwords.
- Using compromised accounts from legitimate organizations enhances attack credibility and effectiveness.
- They offer live support via messaging apps to guide victims through authentication.