Technology NewsTechnology NewsTechnology News
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Reading: Cybercriminals Target Microsoft 365 with New Tool
Share
Font ResizerAa
Technology NewsTechnology News
Font ResizerAa
Search
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Follow US
  • Cookie Policy (EU)
  • Contact
  • About
© 2025 NEWSLINKER - Powered by LK SOFTWARE
Cybersecurity

Cybercriminals Target Microsoft 365 with New Tool

Highlights

  • Greatness targets Microsoft 365 users to steal credentials.

  • It employs advanced evasion techniques, complicating mitigation.

  • Law enforcement efforts continue, but challenges persist.

Kaan Demirel
Last updated: 27 May, 2024 - 7:22 pm 7:22 pm
Kaan Demirel 12 months ago
Share
SHARE

Cybersecurity experts have identified a new threat to Microsoft 365 users. A tool called Greatness is being used by cybercriminals to steal login credentials. First spotted in 2022, this Phishing-as-a-Service (PaaS) platform allows attackers to evade security measures effectively. The tool’s advanced features make it increasingly popular among malicious actors. Efforts by law enforcement agencies to dismantle such services continue, but the threat persists as attackers evolve their methods.

Contents
Greatness Phishing KitEvolving Threat TacticsKey Points

Greatness Phishing Kit

Greatness is a Phishing-as-a-Service platform designed to help cybercriminals steal login credentials, primarily targeting Microsoft 365 users. Launched in 2022, it was developed to bypass multi-factor authentication and other security mechanisms. By incorporating advanced evasion tactics and regularly updating its features, Greatness has become a significant tool for cybercriminals.

Evolving Threat Tactics

In its initial stages, Greatness used malicious HTML attachments disguised as login pages to trick users. Server-side validation determined whether to show an error message or the phishing page. After public exposure, attackers shifted to using PDF files and URLs. Now, the tool employs multi-layered evasion techniques, including CAPTCHAs and QR codes in PDFs, to avoid automated analysis before verification. This makes stopping such attacks challenging, as they rely on publicly available information.

Earlier reports on Greatness indicated that it primarily targeted businesses in the United States, specifically within the financial services industry. Over time, its scope has expanded to include sectors like manufacturing, energy, retail, and consulting. The phishing emails often contain a QR code that directs victims to a malicious link. The tool’s ability to dynamically load JavaScript libraries and use obfuscated content complicates efforts to analyze and mitigate these attacks.

Recent findings have shown that Greatness employs an Adversary In The Middle (AiTM) technique, allowing it to bypass Multi-Factor Authentication (MFA). The phishing kit not only steals credentials but also intercepts the MFA prompt, relaying the necessary information to the legitimate service. This enables attackers to gain access and impersonate the victim using session cookies, posing a high-security risk.

Key Points

– Greatness uses sophisticated evasion tactics, including CAPTCHAs and QR codes.
– The tool targets multiple industries, expanding its reach beyond financial services.
– It employs AiTM techniques to bypass MFA and gain unauthorized access.

Efforts to combat the Greatness threat continue, but the tool’s evolving nature poses significant challenges to cybersecurity. Law enforcement agencies have made some strides, such as the recent takedown of LabHost, but it’s an ongoing battle. The use of dynamically loaded JavaScript libraries, Base64 encoded strings, and encrypted data via AES with PBKDF2-derived keys further complicates detection and mitigation efforts.

The rise of Phishing-as-a-Service platforms like Greatness highlights the need for robust security measures and constant vigilance. Organizations must regularly update their security protocols and educate employees on recognizing phishing attempts. Employing advanced threat detection tools and collaborating with cybersecurity experts can help mitigate these risks. As cybercriminals continue to innovate, staying ahead of the threat curve is crucial for safeguarding sensitive information.

You can follow us on Youtube, Telegram, Facebook, Linkedin, Twitter ( X ), Mastodon and Bluesky

You Might Also Like

Cyberattack Forces PowerSchool to Face Extortion Scandal

CrowdStrike Faces Workforce Reduction Amid Financial Shifts

Authorities Seize DDoS Platforms in Multi-National Operation

Trump Urges Colorado to Release Jailed Clerk Over Election Breach

Google Targets Vulnerabilities in May Security Update

Share This Article
Facebook Twitter Copy Link Print
Kaan Demirel
By Kaan Demirel
Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.
Previous Article Helldivers 2 players debate Emancipator’s balance
Next Article Jeep Challenges Tesla in New EV Ad

Stay Connected

6.2kLike
8kFollow
2.3kSubscribe
1.7kFollow

Latest News

Trump Alters AI Chip Export Strategy, Reversing Biden Controls
AI
Solve Wordle’s Daily Puzzle with These Expert Tips
Gaming
US Automakers Boost Robot Deployment in 2024
Robotics
Uber Expands Autonomy Partnership with $100 Million Investment in WeRide
Robotics
EB Games Returns to Canada and Recaptures Nostalgia
Gaming
NEWSLINKER – your premier source for the latest updates in ai, robotics, electric vehicle, gaming, and technology. We are dedicated to bringing you the most accurate, timely, and engaging content from across these dynamic industries. Join us on our journey of discovery and stay informed in this ever-evolving digital age.

ARTIFICAL INTELLIGENCE

  • Can Artificial Intelligence Achieve Consciousness?
  • What is Artificial Intelligence (AI)?
  • How does Artificial Intelligence Work?
  • Will AI Take Over the World?
  • What Is OpenAI?
  • What is Artifical General Intelligence?

ELECTRIC VEHICLE

  • What is Electric Vehicle in Simple Words?
  • How do Electric Cars Work?
  • What is the Advantage and Disadvantage of Electric Cars?
  • Is Electric Car the Future?

RESEARCH

  • Robotics Market Research & Report
  • Everything you need to know about IoT
  • What Is Wearable Technology?
  • What is FANUC Robotics?
  • What is Anthropic AI?
Technology NewsTechnology News
Follow US
About Us   -  Cookie Policy   -   Contact

© 2025 NEWSLINKER. Powered by LK SOFTWARE
Welcome Back!

Sign in to your account

Register Lost your password?