Microsoft warns of criminal group using ‘advanced’ phishing tricks

27 Oct 2023

Image: © Maksim Shmeljov/

The Octo Tempest group has been seen using an ‘extensive’ range of tactics, including well-researched impersonations and threats of violence to coerce victims into sharing data.

Microsoft has issued a profile warning on Octo Tempest, which the company claims is one of the most dangerous criminal groups in operation.

The tech giant describes this group as a “financially motivated collective” of native-English-speaking threat actors that have a wide range of tactics and techniques. These include SMS phishing and “advanced social engineering techniques”, along with occasional threats of violence to coerce victims into sharing their data.

“Octo Tempest leverages broad social engineering campaigns to compromise organisations across the globe with the goal of financial extortion,” Microsoft said in a blogpost.

“Octo Tempest progressively broadened the scope of industries targeted for extortion, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology and financial services.”

Microsoft claims the group was first seen in early 2022 and overlaps with other threat actors such as 0ktapus, Scattered Spider and UNC3944. The group has adapted its tactics since then and has taken an “increasingly aggressive approach”.

The company claims Octo Tempest uses various social engineering tricks to steal login credentials, such as impersonating recently hired employees and conducting research to effectively impersonate victims.

“The actor’s privilege escalation tactics often rely on building trust through various means, such as leveraging possession of compromised accounts and demonstrating an understanding of the organisation’s procedures,” Microsoft said. “In some cases, they go as far as bypassing password reset procedures by using a compromised manager’s account to approve their requests.”

In other “rare” examples, the criminal group has been observed using fear-mongering tactics, by targeting specific individuals through calls and texts with threats to hurt them and their families.

“These actors use personal information, such as home addresses and family names, along with physical threats to coerce victims into sharing credentials for corporate access,” Microsoft said.

With the various tactics and links to other cybercriminal groups, Microsoft assesses that Octo Tempest is a well-organised group that has “extensive” technical knowledge and multiple operators.

Last month, Microsoft issued a warning about a financially motivated threat actor, which targeted Teams users as a way to breach networks for future ransomware attacks.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic