Microsoft is urging users to enable multi-factor authentication (MFA) to prevent phishing attempts using stolen credentials by attackers who register devices on organisations' networks.
The novel attack abuses the bring-your-own device (BYOD) concept and is part of a large-scale multi-phase campaign discovered by Microsoft's Defender Threat Intelligence Team.
Organisations in Australia, Singapore, Indonesia and Thailand have been targeted by the attackers.
After stealing user credentials, the attackers then attempt to join unmanaged devices that they control on organisations' networks, for lateral movement.
Leveraging BYOD registration by threat actors is on the rise, Microsoft said.
"These unmanaged devices are often ignored or missed by security teams at join time, making them lucrative targets for compromising, quietly performing lateral movements, jumping network boundaries, and achieving persistence for the sake of launching broader attacks," Microsoft said.
"Even more concerning, as our researchers uncovered in this case, is when attackers manage to successfully connect a device that they fully operate and is in their complete control."
To foil the attacks, Microsoft said organisations should enable MFA, which prevents the use of stolen credentials.
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
