Threat actors are leveraging Microsoft 365’s Direct Send feature to launch sophisticated phishing campaigns that mimic internal organizational emails, eroding trust and heightening the success rate of social engineering exploits.
This feature, designed for unauthenticated relaying of messages from devices like multifunction printers and legacy applications to internal recipients, allows external attackers to spoof sender addresses without requiring valid credentials.
Proofpoint researchers have documented an ongoing operation where adversaries inject phishing emails via unsecured third-party email security appliances acting as SMTP relays, often hosted on virtual private servers (VPS).
gbhackers.com
