Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers

https://www.securityweek.com/wp-content/uploads/2026/07/vishing.jpeg

Organizations across multiple sectors have been targeted in a vishing campaign aimed at harvesting Microsoft 365 credentials, Okta warns.

The campaign started in April and has involved voice calls directing the victims to fake Microsoft Entra ID login pages under the pretense that they need to register a new passkey.

Tracked as O-UNC-066 and also known as CL-CRI-1147 and Pink, the hacking group has been targeting automotive, aviation, construction, food and beverage, healthcare, and technology organizations, mainly for data extortion.

As part of the observed attacks, the threat actor has been registering domains incorporating the word ‘passkey’, and has been directing victims to pages that closely mirror the Microsoft passkey enrollment process.

“It appears engineered to convince a targeted user they are in the process of enrolling a passkey with Microsoft, while the threat actor simultaneously registers their own passkey in the targeted user’s Microsoft account,” Okta says.

...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE