Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign. The campaign was spotted by Check Point researchers in early April 2020 after observing a series of suspicious emails pretending to be notifications of missed Office 365 voice mails. The emails were asking victims to click on a button that would have taken them to page on their account where they could listen or download the missed message. After the potential victims clicked the Listen/Download button embedded in the phishing message, they were instead redirected to a landing page disguised as an Office 365 login page.
Source: https://www.bleepingcomputer.com/news/security/hijacked-oxford-server-used-by-hackers-for-office-365-phishing/