"UK Health System Email Accounts Hijacked to Steal Microsoft Logins"

According to the email security firm INKY, 139 employees of the National Health Service (NHS) in the UK were victims of account takeover in the previous year. The attack began with the threat actors gaining access to legitimate NHS email accounts. They then used the accounts to launch phishing campaigns in order to steal Microsoft login credentials. The takeovers likely occurred in October 2021, and the phishing schemes continued at least until April 2022. The attackers sent 1,157 phishing emails from NHS accounts. The attackers included the NHS email footer disclaimer at the bottom of the emails to make them appear more legitimate. They also pretended to be from Microsoft and Adobe by using their logos on emails. According to INKY, the attackers sent phishing emails through two NHS IP addresses, which serve as relays for processing large volumes of email. Furthermore, all of the phishing emails sent from the compromised accounts passed the NHS outbound email authentication. For account takeovers, many cyber criminals use brute force attacks. The attackers used an automated system to cast a wide net of commonly used passwords. They could then gain access to accounts, mostly email accounts. This article continues to discuss the takeover of NHS accounts to steal Microsoft logins. 

Security Intelligence reports "UK Health System Email Accounts Hijacked to Steal Microsoft Logins"