10:00am, 13 June 2024
TLP Rating:
Phishing campaign impacting NZ organisations
The NCSC is aware of a multi-stage phishing campaign currently impacting New Zealand organisations, active since at least 05 June 2024.
Compromised user accounts are being used to send phishing emails which may originate from trusted or known contacts. These are being sent via Microsoft OneDrive/SharePoint sharing invitations, in an effort to redirect users to malicious websites and harvest credentials or session tokens.
Organisations are urged to monitor for this activity and remind their staff to be vigilant about any sharing links they receive, especially from external domains. Additionally, consider any further security controls which may be applied to help mitigate this activity.
The following Microsoft blog post provides advice on how to detect and mitigate this type of activity.
Additional resources:
Token tactics: How to prevent, detect, and respond to cloud token theft | Microsoft Security Blog
If your organisation has seen or does see evidence of compromise related to this activity, please contact ncscincidents@ncsc.govt.nz.