Entra Passkey Enrollment Vishing Targets Microsoft 365 Users

A threat actor tracked as O-UNC-066 has been conducting vishing campaigns targeting Microsoft 365 users across multiple industries by impersonating Microsoft Entra passkey enrollment processes. Attackers use phishing sites mimicking legitimate enrollment portals to trick victims into registering passkeys controlled by the attacker, enabling account takeover and data theft from SharePoint and OneDrive. The extortion group Pink, associated with this campaign, exfiltrates stolen data and pressures victims for ransom payments.

https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/