A highly targeted phishing campaign, with a Microsoft file platform twist, has siphoned Office 365 credentials of more than 150 executives since mid-2019. The campaign leverages multiple Microsoft file-sharing services to convince victims to hand over their credentials. Multiple threat groups are working together to carry out PerSwaysion, according to researchers. The ongoing campaign has targeted small- and medium-sized financial services companies, law firms and real estate groups across the U.S., Canada, Germany, the UK and other countries.
Source: https://threatpost.com/microsoft-sway-abused-office-365-phishing-attack/155366/