Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers

Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers
Okta says a vishing campaign tracked as O-UNC-066, also known as CL-CRI-1147 and Pink, is targeting organizations across multiple sectors to steal Microsoft 365 credentials through fake Microsoft Entra ID passkey enrollment pages. The operator-controlled phishing kit uses real-time interaction and attacker-controlled passkey registration to take over accounts and enable data extortion against victims in industries including automotive, aviation, healthcare, and technology. #O-UNC-066 #CL-CRI-1147 #Pink #MicrosoftEntraID #Microsoft365

Keypoints

  • The campaign began in April and uses voice calls to lure victims.
  • Victims are sent to fake Microsoft Entra ID login pages.
  • The attackers pretend the user must register a new passkey.
  • The phishing kit is operator-controlled and adapts in real time.
  • Targeted sectors include automotive, aviation, healthcare, and technology.

Read More: https://www.securityweek.com/okta-warns-of-vishing-attacks-targeting-microsoft-365-customers/