Kratos PhaaS Targets Microsoft 365 Users with Phishing Campaigns
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Kratos, a subscription-based phishing-as-a-service platform, is actively targeting Microsoft 365 users in the US, Europe, and other regions. The attackers employ phishing tactics that utilize trusted services like Microsoft SharePoint and OneDrive to deliver links leading to credential-harvesting pages. Organizations including small businesses, law firms, and schools are at risk from these campaigns, which use believable document-sharing lures. The operation has been confirmed to have affected at least 156 sessions. No specific CVEs were mentioned, but the attack vector involves fake login pages designed to steal user credentials. The situation is ongoing, with security professionals urged to remain vigilant against these tactics.
Key Points: • Kratos PhaaS is targeting Microsoft 365 users through phishing campaigns. • The operation uses trusted services to deliver links to credential-harvesting pages. • Organizations across various sectors, including small businesses and schools, are at risk.