In the world of cybercrime, no one is safe. Even big companies like Microsoft fall targets to attacks, be it malware, phishing, or even ransomware. A while ago, threat actors used fake Windows 11 installers to spread RedLine malware. Now, Microsoft has been exploited, yet again, in phishing attacks to target the company’s customers through Azure Static Web Pages.
Apparently, cybercriminals are creating fake pages that resemble Micorosft’s service to lure its customers into submitting sensitive information. Yeah, it’s big.
With such a campaign, cybercriminals can get a lot, especially since their targets involve those with Microsoft Office 365, Outlook, and OneDrive accounts. What is this all about? We’ll shed more light on the matter next.
Fake Azure Static Web Pages – Microsoft Impersonated Yet Again
Azure Static Web Pages is a very popular Microsoft service used all over the world as it helps full-stack web apps to Azure from a code repository. In fact, the service itself has become a huge part of a developer’s daily workflow.
However, in the world of cybercrime, popularity only attracts threat actors as they’d find several ways to use this service to their advantage.
Based on the research done by MalwareHunterTeam, cybercriminals have created landing pages and login forms that mimic official Microsoft pages. In fact, as we can see below, they almost look exactly the same:
Unfortunately, the threat actors might have perfected this one as the trick is almost solid. Even the most suspicious of us would fall for this due to the certificate issued by Microsoft Azure TLS Issuing CA 05 to *.1.azurestaticapps.net.
In other words, this clearly shows the phishing page as an official Microsoft login form, which makes falling right into this trap even easier.
It doesn’t stop here. By utilizing the fake veil of security added by the legitimate Microsoft TLS certs, attackers can easily target users on other platforms such as AOL, Yahoo, Rackspace, and other email providers.
Microsoft Phishing Attack – Azure, the Perfect Lure
Phishing attacks have become pretty common nowadays. Sadly, a lot of users are falling victims to such attacks, due to their lack of knowledge.
We highly advise you to always be vigilant when visiting a website. Always check the URL when asked to fill in your account credentials in any kind of login form.
If you’re using Azure, make sure that everything is in place, and don’t always trust the certificate. You’ve seen how this was exploited in this Microsoft phishing attack.