"Attackers Used Malicious "Verified" OAuth Apps to Infiltrate Organizations' O365 Email Accounts"
According to Microsoft, unknown attackers have used malicious third-party OAuth apps with a "Publisher identity verified" badge to target companies in the UK and Ireland. The attacks were identified by Proofpoint researchers around the beginning of December 2022, and involved three malicious apps masquerading as SSO and online meeting apps. The targets who fell for the scheme granted these malicious apps access to their O365 email accounts and organizations' cloud environments. Proofpoint researchers explained that the possible impact on companies includes compromised user accounts, data exfiltration, brand abuse of impersonated organizations, Business Email Compromise (BEC) fraud, and mailbox abuse. This article continues to discuss the use of malicious "verified" third-party OAuth apps by attackers to infiltrate organizations' O365 email accounts.