Vishing actors target Entra passkey enrollment

Vishing actors target Entra passkey enrollment
Since April 2026, O-UNC-066, also known as Pink, has used a panel-controlled phishing kit and vishing scheme to target Microsoft 365 passkey enrollment and trick users into authorizing a fraudulent passkey. Okta observed the activity across multiple industries, with the attackers primarily seeking data extortion, though the kit does not handle third-party federation and no direct Microsoft account compromise was observed. #O-UNC-066 #Pink #Microsoft365 #Okta

Keypoints

  • O-UNC-066, also known as Pink, is behind the phishing campaign.
  • The attack targets Microsoft 365 passkey enrollment through vishing.
  • Domains containing β€œpasskey” are used to lure victims by phone.
  • The phishing kit mimics Microsoft’s passkey enrollment flow.
  • Okta saw the activity across several industries, with data extortion as the goal.

Read More: https://www.okta.com/en-au/blog/threat-intelligence/vishing-actors-target-microsoft-entra-passkey-enrollment-/