A yearlong phishing campaign used various techniques to help evade security tools. Hackers created realistic-looking phishing emails that appear to resemble invoices with Microsoft Excel spreadsheets attached. If a user opened one of these malicious attachments, the group behind the attack could harvest their Office 365 credentials as well as other details, such as the device’s specific IP address and location. The attackers changed their tactics and techniques, including obfuscation and encryption mechanisms, about every 37 days on average to help avoid detection by security teams.”]
Source: https://www.cuinfosecurity.com/microsoft-details-yearlong-office-365-phishing-campaign-a-17292