Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

Article summary
Quick briefing — cleaned from the original RSS feed
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The
1Key Takeaways
- A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks.
- The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process.
2AIWedia Score
8.3/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
Security headlines highlight new attack surfaces as AI gets embedded in more systems. The Hacker News reports that a threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks.
Explore related
Browse toolsRelated tools
Cybersecurity news
Explore curated cybersecurity tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.
