By The Hacker News
Publication Date: 2026-05-05 06:35:00
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.
The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26 countries, with 92% of the targets located in the U.S. The majority of phishing emails were directed against healthcare and life sciences (19%), financial services (18%), professional services (11%), and technology and software (11%) sectors.
“The lures in this campaign used polished, enterprise-style HTML templates with structured layouts and preemptive authenticity statements, making them appear more credible than typical phishing emails and increasing their plausibility as legitimate internal communications,” the Microsoft Defender Security Research Team and Microsoft Threat Intelligence
