The campaign relies on a phishing kit offered in a malware-as-a-service (MaaS) operation and is a well-planned endeavor. Multiple threat actors running phishing attacks on corporate targets have been counting on Microsoft Sway service to trick victims into giving their Office 365 login credentials. The campaign has been running since at least August 2019 and emails of at least 27 adversaries have been found in several variants of the phishing kits. To date, they tricked at least 156 high-ranking individuals at small and medium financial services companies.
Source: https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-perswaysion-spear-phishing-operation/