A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com, setpasskey[.]com) and creating per-target subdomains. Microsoft Entra ID login pages. Pages load generic Microsoft styling […]
The post Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Mayura Kathir
Source: gbHackers
Source Link: https://gbhackers.com/microsoft-entra-passkey-enrollment/