all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process

Add to bookmarks
Jan. 31, 2023, 8 a.m. |

Microsoft Security Response Center msrc-blog.microsoft.com

Summary Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.

abusing accounts actor app aware azure azure ad campaign cloud companies consent consent phishing december fraudulent impersonating investigation microsoft microsoft cloud network oauth partner partner program phishing phishing campaign process program publisher registrations threat threat actor threat actors verified verified publisher

Visit resource

More from msrc-blog.microsoft.com / Microsoft Security Response Center

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 2 weeks, 1 day ago | msrc-blog.microsoft.com
check chen customers hard +13
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs 3 weeks, 3 days ago | msrc-blog.microsoft.com
center communities current customers +20
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team 1 month ago | msrc-blog.microsoft.com
analysts banking collect curiosity +20
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard 1 month, 3 weeks ago | msrc-blog.microsoft.com
actions actor attack blizzard +24
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft 2 months ago | msrc-blog.microsoft.com
career deployment desktop desktops +9
Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and … 2 months ago | msrc-blog.microsoft.com
award awards bounty bug +16
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin 2 months ago | msrc-blog.microsoft.com
adventures cybersecurity dream found +7
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career … 2 months, 1 week ago | msrc-blog.microsoft.com
bruce career college dream +13
New Security Advisory Tab Added to the Microsoft Security Update Guide 2 months, 2 weeks ago | msrc-blog.microsoft.com
advisory customers feedback guide +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

DevSecOps Engineer

@ LinQuest | Beavercreek, Ohio, United States
View on infosec-jobs.com

Senior Developer, Vulnerability Collections (Contractor)

@ SecurityScorecard | Remote (Turkey or Latin America)
View on infosec-jobs.com

Cyber Security Intern 03416 NWSOL

@ North Wind Group | RICHLAND, WA
View on infosec-jobs.com

Senior Cybersecurity Process Engineer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Sr. Manager, Cybersecurity and Info Security

@ AESC | Smyrna, TN 37167, Smyrna, TN, US | Santa Clara, CA 95054, Santa Clara, CA, US | Florence, SC 29501, Florence, SC, US | Bowling Green, KY 42101, Bowling Green, KY, US
View on infosec-jobs.com
View more jobs