Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign

A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com, setpasskey[.]com) and creating per-target subdomains. Microsoft Entra ID login pages. Pages load generic Microsoft styling […]

The post Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Read the original article: