Crims compromised energy firms' Microsoft accounts, sent 600 phishing emails

Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of phishing emails from compromised accounts to contacts inside and outside those organizations.

The attackers likely used previously-compromised email addresses to gain initial access to "multiple" energy-sector organizations targeted in this campaign, according to Redmond, which detailed the digital intrusions in a Wednesday report. 

These emails contained a SharePoint URL requiring user authentication and subject lines such as "New Proposal - NDA" to make them appear legitimate. People who clicked on the URL were redirected to a website that required them to enter user credentials, thus giving the criminals valid usernames and passwords to use in later stages of these attacks.

Then, the attackers signed in to the compromised accounts with another IP address and created an inbox rule to delete all incoming emails and mark all ...