A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com, setpasskey[.]com) and creating per-target subdomains. Microsoft Entra ID login pages. Pages load generic Microsoft styling […] The post Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/microsoft-entra-passkey-enrollment/
![]()

