A new phishing-as-a-service (PaaS) tool named “Greatness” has been deployed as part of a number of phishing campaigns since at least mid-2022.
The findings come from security researchers at Cisco Talos, who described them in an advisory published on Wednesday.

“Greatness incorporates options observed in some of the most superior PaaS choices, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots,” wrote researcher Tiago Pereira.
Based on the company’s investigation, Greatness exclusively targets victims through Microsoft 365 phishing pages. The service provides its affiliates with an attachment and link builder to create credible-looking decoy and login pages.
“It contains attributes such as acquiring the victim’s email handle pre-filled and displaying their ideal business symbol and history graphic, extracted from the target organization’s serious Microsoft 365 login site,” Pereira stated.
“This will make Greatness notably nicely-suited for phishing company people.”
After analyzing the domains targeted in various campaigns, Cisco Talos found that the victims were mainly companies located in the US, UK, Australia, South Africa and Canada.
Manufacturing, healthcare and technology were the most commonly targeted sectors. However, Pereira clarified that the distribution of victims varied slightly between campaigns in terms of country and sector.
“To use Greatness, affiliates should deploy and configure a supplied phishing kit with an API key that will allow even unskilled risk actors to conveniently take advantage of the service’s additional state-of-the-art attributes,” reads the advisory.
“The phishing package and API do the job as a proxy to the Microsoft 365 authentication procedure, doing a ‘man-in-the-middle’ attack and stealing the victim’s authentication qualifications or cookies.”
The indicators of compromise (IoCs) from the research conducted by Cisco Talos are available in its GitHub repository.
The findings come a couple of months after Kaspersky security researchers uncovered a new type of phishing attack that used legitimate servers from Microsoft’s collaboration platform, SharePoint.
Some parts of this article are sourced from:
www.infosecurity-journal.com