Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures.
According to court documents obtained by ZDNet, Microsoft has targeted a phishing group that has been targeting the company's customers since December 2019.
The phishers operated by sending emails to companies that hosted email servers and enterprise infrastructure on Microsoft's Office 365 cloud service.
The emails were spoofed to look like they came from fellow employees or a trusted business partner. This particular phishing operation was unique because attackers didn't redirect users to phishing sites that mimicked the Office 365 login page.
Instead, hackers touted an Office document. When users tried to open the file, they were redirected to install a malicious third-party Office 365 app created by the hackers.