Microsoft was criticized after it took five months to fully patch an issue in its Power Platform.
Researchers with Microsoft on Wednesday said that the threat actor has used a “highly targeted” social engineering attack to hit 40 global organizations.
The threat group used forged authentication tokens - with an acquired Microsoft account consumer signing key - to access the email accounts of more than two dozen organizations.
The Microsoft zero-day flaw (CVE-2023-36884) is being leveraged by a Russia-based cybercriminal group in phishing emails sent to defense and government entities in Europe and North America.
An undocumented malicious driver called RedDriver uses an open-source tool to forge signature timestamps, as a way to bypass Microsoft’s Windows driver signature enforcement policies.