Fake Entra Passkey Scam Used to Breach Microsoft 365

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- O-UNC-066, a threat actor tracked by Okta, is running an active campaign against organizations spanning multiple sectors.
- The attack uses voice-based fake security requests designed to manipulate Microsoft 365 users.
- Victims are tricked into enrolling a new Entra passkey, effectively handing the attacker control of authentication for the account.
- The campaign's stated aim is data extortion against the compromised organizations.
Why it matters: For organizations that have deployed Entra passkeys to harden authentication, this campaign exploits the enrollment workflow itself — turning a phishing-resistant security upgrade into the attacker's foothold for data extortion across multiple sectors.


