Campagnes de phishing en cours ciblant les instances dédiées (« tenants ») Microsoft 365 sans authentification multifacteur activée (uniquement en anglais)

The CSSF has been made aware of ongoing phishing campaigns targeting organisations using Microsoft 365, specifically Office 365 tenants where multi-factor authentication (MFA) is not enforced.

CIRCL, the Computer Incident Center Luxembourg, published a report on this subject, including recommendations, available at this URL: https://www.circl.lu/pub/tr-94/.

The CSSF strongly recommends all supervised entities concerned to take duly note of this report and to take actions as appropriate.