A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies. The attack chain commenced with phishing lures that purported to be Xerox (or Xeros) scan notifications containing an HTML file attachment that, when opened, urged recipients to enter their Office 365 passwords on a fake, lookalike login page.
Source: https://thehackernews.com/2021/01/hackers-accidentally-expose-passwords.html