Cisco Talos researchers recently discovered that threat actors are targeting Microsoft 365 via the Greatness Phishing-as-a-Service (PhaaS) platform. The Greatness platform surged operations between December 2022 and March 2023, targeting Microsoft 365 users in the U.S., U.K. Canada, Australia, and South Africa. The victims primarily came from the manufacturing, healthcare, technology, and education sectors in the United States.
Greatness offers malicious actors every tool needed to execute a phishing campaign. This includes hosting the phishing page, generating HTML attachments, customizing email content, and modifying default settings. After a victim clicks a malicious HTML link, their credentials are sent to the hacker’s Telegram channel. Greatness then utilizes the API key to obtain login information, which it then uses to impersonate the victim. The API works with the phishing kit to enact a man-in-the-middle attack, enabling bad actors to collect personal information in real time.
Read More: