Russian(assuming) Phishing Campaigns are getting solid.

Legit client got compromised. Sent a OneDrive link to my organization that used another compromised or shell MSFT Tenant that was made in OneNote to look like a special Word Doc with a link in a VIEW DOCUMENT.

Link goes to 1sjxiz79uq63f50a8c43880.opticair.ru (CLICK with caution)

Then a cloudflare check

Then the fake Microsoft site, where this one differs is I did my usual eatmyasshole@youfuckingbastards.com -- except this time it kicked it out. So then I did a legit, well known …

campaigns check click client cloudflare compromised cybersecurity doc document fake legit link microsoft msft onedrive onenote organization phishing russian shell solid special word