A previously unknown threat group is conducting large-scale credential-harvesting attacks combining email spam, Microsoft Teams impersonation, and fake "Mailbox Repair Utility" phishing pages, according to Google's Threat Intelligence Group. The phishing pages use a psychological "double-entry" password validation trick to capture credentials twice while reinforcing perceived legitimacy. Stolen credentials are exfiltrated to attacker-controlled Amazon S3 buckets.
Safety
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
A previously unknown threat group is weaponizing Microsoft Teams impersonation and a sophisticated double-entry password validation trick to harvest credentials at scale, exfiltrating stolen data through Amazon S3 buckets.
Saturday, April 25, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety