- Cybersecurity Docket
- Posts
- Hackers Targeting Organizations to Gain Microsoft 365 Access
Hackers Targeting Organizations to Gain Microsoft 365 Access
Plus, Interpol cybercrime crackdown nets 5,800 arrests across 97 countries.

Good morning! Here’s what’s up.

People
Victor Brown has been appointed chief technology officer (CTO) at Camelot Secure, a computer-security services company, strengthening its executive team to help government agencies, defense contractors, and organizations address emerging cyber threats and AI-enabled attack vectors. Before joining Camelot Secure, Brown was vice president and CTO for IBM U.S. Public and Federal Market.

Clips ✂️
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks.
The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The activity has singled out food and beverage, technology, healthcare, automotive, construction, and aviation industries.
"The threat actor registers domains that incorporate the word passkey as part of a voice-enabled phishing ('vishing') scheme," Okta researcher Houssem Eddine Bordjiba said. "The threat actor then calls targeted users on the phone in an attempt to persuade them that they need to register a new passkey."
Users are then directed to a phishing kit that's identical to the Microsoft passkey enrollment process, giving the impression that they are adding a passkey with Microsoft, when, in reality, the threat actor registers their own passkey against their Microsoft account, granting them unauthorized access.
Interpol cybercrime crackdown nets 5,800 arrests across 97 countries
Authorities arrested more than 5,800 alleged cybercriminals and seized $293 million in a global operation targeting social-engineering scams and money laundering across 97 countries, Interpol said Thursday.
The anti-fraud crackdown, dubbed Operation First Light, identified more than 142,000 victims, including people, businesses and governments, officials said.
“Social engineering scams continue to pose a significant threat to our society. Criminal syndicates exploit human psychology to manipulate their targets, and no nation can stay safe unless all countries are equipped and committed to jointly fighting back,” Tomonobu Kaya, director of Interpol’s Financial Crime and Anti-Corruption Centre, said in a statement.
Police identified more than 15,500 cybercrime suspects during the operation, which spanned more than three months ending in late April, according to Interpol. Officials also analyzed more than 152,800 cases of cybercrime, including business email compromise, sextortion, romance scams, impersonation and investment schemes.
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites.
Far fewer were actually broken into, but the exposed files showed researchers how a mass site-hacking operation runs from the inside.
The operation, now tracked as WP-SHELLSTORM, is what SOCRadar calls a webshell access brokerage: a crew that breaks into sites at scale, plants a hidden backdoor (a "webshell") on each, and packages that access for resale.
The strongest activity hit WordPress sites running out-of-date plugins. If you run WordPress or Joomla, the two flaws that mattered most were in the Breeze caching plugin and Joomla's JCE editor; skip to the checklist below if that's you.
EU Unveils AI Cybersecurity Action Plan
The European Commission has unveiled a new Action Plan on Cybersecurity and Artificial Intelligence, setting out how the European Union intends to strengthen cyber resilience as advanced AI models reshape both cyber defence and cyberattacks.
Rather than introducing another layer of regulation, the Action Plan focuses on putting legislation already in place into operation through new institutions, secure testing environments and closer collaboration between governments, industry, and researchers.
Europe Moves From Regulation to Implementation
The Action Plan builds on legislation already in force, including the AI Act, Cyber Resilience Act, NIS2 Directive, Digital Operational Resilience Act (DORA), and the Cyber Solidarity Act.
…
Among the first measures is a proposal to establish a dedicated European AI evaluation capability, expected to become operational during 2027. The capability will support the independent assessment of advanced AI models with the intention of strengthening the work of the EU AI Office.
Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail
Former ransomware negotiator for DigitalMint was sentenced to 70 months in jail for deceiving his employer’s clients and conspiring with ransomware affiliates to extort a combined $75.3 million from five U.S. companies he was entrusted to aid during their moments of extreme crisis, the Justice Department said Thursday.
Angelo John Martino III shared confidential information he gained from his work as a ransomware negotiator, including victim organizations’ negotiating positions and insurance policy limits, to extract the maximum payment for himself and other BlackCat affiliates he colluded with in backchannels.
Five of Martino’s victims hired DigitalMint, which assigned the 41-year-old to conduct ransomware negotiations on their clients’ behalf — a rare position he exploited to play both sides, effectively conducting ransomware negotiations with himself and his co-conspirators.
The five victims, all of which paid a ransom between April 2023 and September 2023, include a nonprofit that paid a nearly $26.8 million ransom, a financial services company that paid nearly $25.7 million, and a hospitality company that paid almost $16.5 million.
Bank of England Warns of Escalating AI, Cyber & Market Risk
The UK central bank warns that rapid AI sector borrowing & rising cyber threats pose critical risks to financial stability, in spite of banking resilience.
Financial institutions have long weighed technological innovation against operational risk. The tension between adoption and security has become more pronounced as artificial intelligence systems expand across trading floors and payment networks.
The Bank of England (BoE) has flagged AI as a threat to financial stability in its latest assessment. According to the central bank, heavy investment in AI technology has created new attack surfaces for cyber threats. The warning comes as banks integrate machine learning models into critical infrastructure.
The BoE's half-yearly review identifies multiple risk factors beyond cybersecurity. These include elevated share valuations, sovereign debt levels and lending practices in private credit markets.
However, the report notes that cyber vulnerabilities linked to AI deployment have intensified since the previous assessment.
