Malicious hybrid cloud campaign uses OAuth apps to target C-level executives

Researchers reported a new hybrid cloud campaign — dubbed OiVaVoii — that uses hijacked Office 365 users and a sophisticated combination of malicious OAuth apps and targeted phishing threats to attack many C-level executives, including CEOs, general managers, former board members and the presidents of companies.

The OiVaVoii campaign serves as another example of attackers seeking out vulnerabilities that exist within the evolving state of hybrid/remote work, said Adam Gavish, co-founder and CEO of DoControl. Gavish said it’s also yet another example of an established trusted third party becoming compromised, in this case with OAuth.

“The fraudulent permissions requests from the malicious apps that were created appeared to be completely legitimate, blurring the lines between what’s spoofed and what’s actually real,” Gavish said. “This attack also reminds us that the C-suite is a highly attractive target, considering the access they have to sensitive company data. The permission scopes within these malicious applications provided read/write access, enabling the exfiltrating of sensitive files from these executive personas with relative ease.”  
