Pawn Storm Abuses OAuth In Social Engineering Attacks

This blog post discusses how Pawn Storm abused Open Authentication (OAuth) in advanced social engineering schemes. High profile users of free webmail were targeted by campaigns between 2015 and 2016.

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

TrustedSec Practical OAuth Abuse for Offensive Operations – Part 1

Must Read - Security Affairs

What are Social Engineering Attacks? Types of Attacks in 2023

Probing Pawn Storm: Cyberespionage Campaign Through Scanning, Credential Phishing and More - Security News

OAuth, Breaking Cybersecurity News

Social engineering (security) - Wikipedia

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Pawn Storm Mishandles Open Authentication in Advanced Social Engineering Attacks

Mandiant identifies 3 hacktivist groups working in support of Russia

Detection and Mitigation of Illicit Consent Grant Attacks in Azure AD - Thomas Naunheim

Pawn Storm Abuses OAuth In Social Engineering Attacks

APT28 hacked Roundcube email servers of Ukrainian entities

Shining a Light on OAuth Abuse with PwnAuth