Hackers Exploit Microsoft Entra: New Vulnerability in Passkeys
A group of malicious actors is using social engineering to compromise Microsoft 365 accounts via fake passkey registrations in Entra.

The Rise of Targeted Social Engineering Against Microsoft Entra
Cloud security has been dealt a new blow. A sophisticated campaign led by the group identified as O-UNC-066 has recently been uncovered, using voice phishing tactics to compromise access to corporate Microsoft 365 environments. Unlike traditional attacks, this hack focuses on manipulating the passkey registration process within Microsoft Entra.
The method is deceptively simple: attackers contact employees under the guise of technical support staff, urging them to complete an urgent security registration. By accessing a phishing kit controlled by the attackers, the victim ends up linking a device controlled by the malicious actor, granting them persistent access to the corporate network.
How Does This Passkey Registration Vulnerability Work?
The effectiveness of this threat lies in its ability to bypass conventional multi-factor authentication (MFA) methods. Attackers exploit user trust in new passwordless authentication technologies.
"The threat actor O-UNC-066 uses an advanced control panel to orchestrate credential harvesting and real-time device enrollment, facilitating large-scale data extortion attacks."
Implications for Corporate Security
This incident highlights that regardless of the security updates implemented by the tech giant—such as when Microsoft patched the RoguePlanet vulnerability in Windows Defender—the human factor remains the weakest link. If attackers manage to compromise a privileged account, the next step is often the deployment of ransomware to encrypt critical data and demand astronomical payments.
To mitigate these risks, organizations must:
- Implement strict identity verification policies for any technical support requests.
- Train staff on the risks associated with new authentication methods.
- Constantly monitor audit logs for unauthorized devices linked to Entra accounts.
Conclusion
The transition toward passwordless environments is necessary, but it is not a magic bullet. The sophistication of groups like O-UNC-066 demonstrates that cybercriminals are evolving their tactics to target the very tools designed for our protection. Cybersecurity must be, above all, a culture of constant vigilance and not just a matter of software configuration.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...