Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Okta Alerts on Vishing Threat to Microsoft 365 Users

Okta Alerts on Vishing Threat to Microsoft 365 Users

Posted on July 10, 2026 By CWS

Okta has issued a warning about a vishing campaign targeting Microsoft 365 users across various sectors. Initiated in April, the scheme aims to steal user credentials through deceptive voice calls.

Vishing Campaign Targets Multiple Industries

The attackers, identified as group O-UNC-066 or CL-CRI-1147, have primarily focused on sectors such as automotive, aviation, construction, food and beverage, healthcare, and technology. The group, also known as Pink, seeks to extort data by tricking users into accessing fraudulent Microsoft Entra ID login pages.

Deceptive Tactics and Domain Manipulation

The threat actors have registered domains featuring the term ‘passkey’ to mislead users into believing they are engaging in legitimate Microsoft passkey processes. These sites are crafted to mirror official Microsoft enrollment pages, exploiting users’ trust.

Okta reports that the phishing kit employed in these attacks is distinct, with an operator-controlled PHP panel that requires active engagement to gather user credentials and multi-factor authentication tokens.

Complex Phishing Mechanism

Unlike typical phishing kits, this campaign involves real-time interaction, guiding victims through several authentication steps. The kit adapts based on the victim’s multi-factor authentication settings, impersonating legitimate process flows.

Okta highlights the attackers’ strategy of integrating BIP-39 phrases into the process, which seems irrelevant to Microsoft Entra operations. This step may serve as a diversion while the attackers register their own passkeys in victims’ accounts.

Upon registering a passkey, the compromised account receives a genuine notification from Microsoft, potentially masking the attacker’s actions under benign-seeming passkey names.

Implications and Recommendations

Okta’s alert underscores the sophistication of modern phishing attacks and the necessity for heightened vigilance and security measures. Users are advised to remain cautious of unsolicited communications and verify any passkey registration notifications with Microsoft.

As cyber threats continue to evolve, organizations and individuals alike must prioritize cybersecurity awareness and proactive measures to safeguard their digital assets.

Security Week News Tags:credential theft, cyber threats, Cybersecurity, data extortion, MFA, Microsoft 365, Microsoft Entra, Okta, Passkey, Phishing, phishing kit, security alert, Technology, user security, Vishing

Post navigation

Previous Post: New MODBEACON RAT Leverages Encrypted C2 Traffic
Next Post: Windows Shortcuts Exploit PowerShell for Remote Attacks

Related Posts

Latest Android Update Fixes Zero-Day and 123 Vulnerabilities Latest Android Update Fixes Zero-Day and 123 Vulnerabilities Security Week News
ShinyHunters-Branded Extortion Activity Expands, Escalates ShinyHunters-Branded Extortion Activity Expands, Escalates Security Week News
Apple Enhances Security with New Update System Apple Enhances Security with New Update System Security Week News
Escape Secures  Million to Enhance Automated Pentesting Escape Secures $18 Million to Enhance Automated Pentesting Security Week News
160,000 Impacted by Wayne Memorial Hospital Data Breach 160,000 Impacted by Wayne Memorial Hospital Data Breach Security Week News
Intel and AMD Address 70 Security Weaknesses on Patch Tuesday Intel and AMD Address 70 Security Weaknesses on Patch Tuesday Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed
  • Windows Shortcuts Exploit PowerShell for Remote Attacks
  • Okta Alerts on Vishing Threat to Microsoft 365 Users

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed
  • Windows Shortcuts Exploit PowerShell for Remote Attacks
  • Okta Alerts on Vishing Threat to Microsoft 365 Users

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark