A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks.

The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that’s capable of targeting the passkey enrollment process. The…

Read the rest of the story at Read More

Source: The Hacker News

Related posts

Leave a Comment