An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).
The attacks are part of multiple phishing campaigns collectively dubbed the “Compact” Campaign, active since early 2020 first detected by the WMC Global Threat Intelligence Team.
“Phishers continue to find success in using compromised accounts on email marketing services to send malicious emails from legitimate IP ranges and domains,” Microsoft’s security experts said.
“They take advantage of configuration settings that ensure delivery of emails even when the email solution detects phishing.”
Source: BleepingComputers