Threat actors who weaponized the AI cloud-hosting service Railway were able to compromise the Microsoft cloud accounts of 344 organizations, including government, healthcare, finance, and construction entities, around the world as part of an AI-powered phishing campaign that has been underway since earlier this month, CyberScoop reports.
Attacks in the campaign, which escalated significantly beginning March 3, involved the exploitation of Railway's platform-as-a-service to build credential-harvesting infrastructure, as well as the abuse of a Microsoft authentication flow that provides OAuth tokens valid for up to three months without multi-factor authentication or credential requirements, an analysis from Huntress showed. Railway has already launched a crackdown on accounts and domains leveraged in the campaign.
"We are seeing crooks as the first movers of AI. They don't have any qualms about PII, they don't have any qualms about model training ... and this incident, just in the sheer pace at which it has evolved, is kind of a testament to that," said Huntress Chief Product Officer Prakash Ramamurthy.
Application security, AI/ML, Cloud Security, Phishing

Over 300 orgs impacted by global AI-powered phishing campaign





