The xlsb attachment downloads a PowerShell script, which retrieves a zip file. Inside is the malware (aka Java RAT or jRAT).
Microsoft: Over 44 million Azure AD and Services accounts were vulnerable to account hijacking due to the use of compromised passwords
Over 44 million Azure AD and Services accounts were vulnerable to account hijacking because they used compromised passwords, Microsoft cyber security experts have revealed. The discovery was made in the first quarter of 2019, when the company’s identity threat research team checked billions of credentials compromised in different breaches, from sources including law enforcement and public databases, against consumer and enterprise account credentials. For the leaked credentials for which a match was found, the researchers force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.
The cyber security experts: Password reuse is still too common and it’s really dangerous
According to the cyber security experts, reusing passwords across multiple account-based services is common. A 2018 study of nearly 30 million users and their passwords revealed that password reuse and modifications were common for 52% of users. The same study also found that 30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses. This behavior puts users at risk of becoming victims of a breach replay attack. Once a threat actor gets hold of spilled credentials or credentials in the wild, they can try to execute a breach replay attack: the actor tries out the same credentials on different service accounts to see if there is a match. That’s why Microsoft checks credentials periodically.
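A service can run the same kind of check against its own user store even though it keeps only salted hashes: re-hash each leaked password with the matching account's salt and compare. The Python code below is an added example, not Microsoft's implementation; the user store, the breach list, the PBKDF2 parameters and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"email": email, "salt": salt,
            "hash": hash_password(password, salt), "force_reset": False}


# Constructed user store: only salt + hash are kept, never the plaintext.
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "Summer2019!"),
    make_user("bob@example.com", "c0rrect-h0rse-battery"),
    make_user("carol@example.com", "qwerty123"),
)}

# Constructed breach data: (identifier, plaintext password) pairs.
LEAKED = [
    ("Alice@Example.com ", "Summer2019!"),   # reused password, messy casing
    ("bob@example.com", "hunter2"),          # known user, different password
    ("carol@example.com", "qwerty123"),      # reused password
    ("dave@other.example", "letmein"),       # not one of our accounts
]


def screen_leaked(users: dict, leaked: list) -> list:
    """Flag accounts whose current password matches a leaked pair."""
    flagged = set()
    for identifier, password in leaked:
        user = users.get(identifier.strip().lower())
        if user is None:
            continue  # leaked identity does not exist here
        candidate = hash_password(password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            user["force_reset"] = True  # mark the account for a forced reset
            flagged.add(user["email"])
    return sorted(flagged)


if __name__ == "__main__":
    print(screen_leaked(USERS, LEAKED))
```

Only accounts whose current password equals the leaked one are flagged; an account whose address appears in a breach with a different password is left alone.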