"New 'Greatness' Service Simplifies Microsoft 365 Phishing Attacks"

The Phishing-as-a-Service (PhaaS) platform called 'Greatness' has seen increased activity as it targets organizations using Microsoft 365 in the US, Canada, the UK, Australia, and South Africa. Many organizations use the Microsoft 365 cloud-based productivity platform, making it an attractive target for cybercriminals seeking to steal data or credentials for use in network breaches.

In a new report by Cisco Talos, researchers detail how the Greatness phishing platform launched in the middle of 2022, with activity spiking in December 2022 and March 2023. Many victims work in manufacturing, healthcare, technology, education, real estate, construction, finance, and business services, with most being located in the US.

The Greatness PhaaS includes everything a phisher requires to conduct a successful campaign. To initiate an attack, the user accesses the 'Greatness' administration panel with their Application Programming Interface (API) key and a list of target email addresses. The PhaaS platform provides the server that will host the phishing page and the HTML attachment generator. The affiliate then creates the email's content and provides any additional content or adjustments to the default settings.

The service then sends the victims a phishing email with an HTML attachment. When this attachment is opened, the browser executes obfuscated JavaScript code to connect to the Greatness server and retrieve the malicious page to display to the user. The phishing service will inject the target's company logo and background image from the employer's Microsoft 365 login page.

This article continues to discuss findings and observations regarding the Greatness PhaaS.

Bleeping Computer reports "New 'Greatness' Service Simplifies Microsoft 365 Phishing Attacks"
