A new cyberattack campaign is shaking up enterprise security: A threat actor known as O-UNC-066 has launched a sophisticated phishing campaign that uses fake voice calls to trick Microsoft 365 users into stealing their access through fraudulent passkey enrollment. This method, which combines social engineering with a dashboard-controlled phishing kit, represents a dangerous evolution in data extortion tactics. Organizations across multiple industries have already been targeted by this threat, underscoring the need to strengthen cybersecurity strategies and adopt advanced technical solutions.
The attack begins when a user receives a seemingly legitimate phone call from tech support, requesting that they verify their identity by enrolling a new passkey in Entra, the Microsoft 365 identity service. The victim is directed to a fraudulent website that mimics the passkey registration interface, where they enter their credentials and the verification code generated by their authenticator app. In reality, the phishing kit captures all the information and allows the attacker to gain full control of the account, even overcoming multi-factor authentication (MFA). Once inside, the actor threatens to leak sensitive data unless a ransom is paid.
What's disturbing about this scheme is that it exploits the trust employees have in modern security methods. Passkeys, designed to replace traditional passwords with more secure cryptographic keys, become an attack vector when the enrollment process is tampered with. Attackers don't need to breach technical infrastructure; they just deceive people. For this reason, cybersecurity cannot be based solely on technological tools; It must include a culture of awareness and continuous training.
From a business perspective, the consequences of a successful attack go beyond data loss. Extortion can cripple operations, damage reputations, and lead to legal and regulatory costs. Companies that rely on Microsoft 365 for internal communication and collaboration should assess their risks. A defense-in-depth strategy includes network segmentation, implementing conditional access policies, continuously monitoring suspicious sessions, and most importantly, adopting customized cybersecurity solutions that are tailored to each organization's specific needs.
This is where companies like Q2BSTUDIO offer differential value. As specialists in custom software development and technology consulting, they understand that security is not a standard product, but a dynamic process. Its cybersecurity and pentesting services make it possible to identify vulnerabilities before attackers exploit them, simulating real attacks such as passkey phishing to assess the company's defensive posture. In addition, they integrate artificial intelligence to analyze behavior patterns and detect anomalies in real time, anticipating emerging threats.
The O-UNC-066 threat also highlights the importance of AWS and Azure cloud services in security strategy. Organizations migrating to the cloud must properly configure their environments, apply security patches, and use native tools such as Microsoft Entra ID Protection. Q2BSTUDIO offers AWS and Azure cloud services that include secure architectures, policy automation, and continuous monitoring, reducing the attack surface. Combined with its business intelligence solutions, such as Power BI, companies can visualize security metrics and make informed decisions based on data.
Artificial intelligence for companies is revolutionizing cybersecurity. AI agents can analyze large volumes of logs, identify unusual behavior, and automatically respond to incidents, such as blocking a suspicious session or forcing a password change. Q2BSTUDIO develops custom applications that integrate these agents into IT workflows, enabling proactive defense without relying solely on human resources. For example, an AI agent could detect that a user is being redirected to a fake passkey URL and alert the security team within milliseconds.
For companies that have not yet adopted a comprehensive cybersecurity strategy, now is the time to act. Employee training should include advanced phishing drills, such as those using voice calls (vishing). It's also a good idea to implement Conditional Access policies that require additional verification for sensitive tasks, such as enrolling passkeys. In addition, using custom applications to manage identities and access can close gaps that generic systems do not cover.
Technically, passwordless authentication is the future, but its adoption must be done carefully. IT administrators should regularly audit passkey enrollment methods, review Entra activity logs, and set up alerts for registration attempts from unusual locations or devices. AI-based security tools, such as those offered by Q2BSTUDIO, can automate these reviews and reduce the burden on the IT team.
In conclusion, O-UNC-066's campaign is a reminder that cybercriminals are constantly evolving, leveraging new technologies to trick users. Companies must invest in multi-layered cybersecurity that combines technology, processes, and people. Collaborating with technology partners like Q2BSTUDIO, which offer everything from business intelligence services to AI agents and custom software development, allows you to build robust and adaptable defenses. It is not just about protecting against the current threat, but also about anticipating those that will come. Safety is a journey, not a destination, and every step counts.


.jpg)

