By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Hackers Exploit Fake Microsoft Entra Passkey Enrollment

A sophisticated threat actor, identified by Okta as O-UNC-066, is actively targeting organizations across various sectors by exploiting the Microsoft Entra passkey enrollment process. This campaign utilizes voice-based phishing tactics, commonly known as vishing, to trick Microsoft 365 users into believing they need to enroll a new passkey for security purposes. The attackers employ a panel-controlled phishing kit specifically designed to mimic the legitimate Entra passkey enrollment flow.
Once a user is deceived into initiating the fake enrollment, the threat actor gains unauthorized access to their Microsoft 365 account. The ultimate objective of this attack is data extortion, where the compromised credentials and access are leveraged to steal sensitive information from the targeted organizations. This method bypasses traditional multi-factor authentication by manipulating the user into performing the authentication step themselves through the fraudulent enrollment process.
The phishing kit's capability to target the passkey enrollment process is a notable advancement in phishing techniques, moving beyond simple credential harvesting. By impersonating a legitimate security procedure, the attackers increase the likelihood of success. The campaign's multi-sectoral reach indicates a broad and indiscriminate targeting strategy, aiming to compromise as many organizations as possible.
Okta's analysis highlights the evolving nature of cyber threats and the need for organizations to remain vigilant against novel attack vectors. The use of vishing combined with a tailored phishing kit targeting a specific authentication mechanism like passkey enrollment presents a significant challenge for security teams. Organizations are advised to educate their users about these evolving threats and reinforce security best practices to prevent account compromise.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.