Hackers Use AI Platforms to Steal Microsoft 365 Credentials in Phishing Campaign

Exploitation of AI Platforms in Phishing Attacks

Recent findings from Cato Networks highlight a new trend where cybercriminals exploit the trust placed in artificial intelligence platforms for conducting advanced phishing attacks. The company’s Managed Detection and Response (MDR) service uncovered a campaign utilizing Simplified AI, a marketing platform, to illicitly obtain Microsoft 365 credentials from organizations in the United States.

Discovery and Impact

The attack, identified in July 2025, compromised at least one US-based investment firm before it was detected and mitigated. Although the specific campaign is no longer active, it signifies an evolution in cybercrime tactics that could potentially impact various sectors.

Tactics Employed

The campaign used emails purporting to come from executives of a global pharmaceutical distributor, complete with authentic company logos and the names of real executives. Each email carried a password-protected PDF attachment, a choice that keeps automated scanners from opening and inspecting the file.

The phishing strategy combined social engineering with technical evasion:

  1. Initial Contact: Emails appeared to be from pharmaceutical company executives, with passwords for PDF attachments provided in the message body.
  2. PDF Lure: Documents presented legitimate company branding, directing users to Simplified AI’s platform.
  3. Trusted Redirect: Users were led to a page resembling a legitimate Simplified AI site, featuring Microsoft 365 imagery.
  4. Credential Harvest: Victims were redirected to a fake Microsoft 365 login portal to capture credentials.

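The four-stage chain above yields several indicators a mail gateway or URL sandbox can score together: an encrypted PDF, the attachment password supplied in the message body, a lure link that passes through an allow-listed SaaS host, and a final landing page styled as a Microsoft 365 sign-in but served from a non-Microsoft host. The following Python is an added example of such a heuristic, not Cato Networks' detection logic or any product's rule; the trusted SaaS host, the sample email and the redirect chain are constructed placeholders, and the `encrypted` flag is assumed to come from an upstream PDF parser.

```python
"""Heuristic scoring for a trusted-platform phishing chain (added example).

Inputs are a parsed email plus the redirect chain observed when the lure
link was followed in a sandbox. All hosts and messages below are constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allow-list of SaaS / AI marketing hosts the organisation trusts.
# The hostname is a placeholder, not Simplified AI's real domain.
TRUSTED_SAAS_HOSTS = {"app.simplified-ai.example"}

# Hosts that legitimately serve Microsoft sign-in pages.
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
}

# "password ... : <token>" within a single line of the body.
PASSWORD_IN_BODY = re.compile(r"\bpassword\b[^\n]{0,40}?[:\-]\s*\S+", re.IGNORECASE)


@dataclass
class Attachment:
    filename: str
    content_type: str
    encrypted: bool  # assumed to be set by an upstream PDF parser (e.g. /Encrypt present)


@dataclass
class Email:
    sender_display: str
    sender_domain: str
    body: str
    attachments: list          # list[Attachment]
    redirect_chain: list       # URLs seen when the lure link was followed, in order


def looks_like_ms_login(url: str) -> bool:
    """True when the URL's path or query hints at a Microsoft 365 sign-in page."""
    u = url.lower()
    return any(k in u for k in ("microsoft", "office365", "o365", "login", "signin"))


def score_email(e: Email):
    """Return (score, reasons); each matched indicator adds one point."""
    reasons = []

    # Indicator 1 and 2: encrypted PDF, with its password handed over in the body.
    for a in e.attachments:
        if a.content_type == "application/pdf" and a.encrypted:
            reasons.append("password-protected PDF attachment")
            if PASSWORD_IN_BODY.search(e.body):
                reasons.append("attachment password supplied in message body")
            break

    hosts = [urlparse(u).hostname or "" for u in e.redirect_chain]

    # Indicator 3: the chain passes through a host the org has allow-listed,
    # which is exactly what lets the link through URL filtering.
    if any(h in TRUSTED_SAAS_HOSTS for h in hosts):
        reasons.append("lure link passes through an allow-listed SaaS host")

    # Indicator 4: Microsoft-styled login page on a host Microsoft does not own.
    if hosts:
        final_host = hosts[-1]
        if looks_like_ms_login(e.redirect_chain[-1]) and final_host not in MICROSOFT_LOGIN_HOSTS:
            reasons.append(f"Microsoft-style login page on untrusted host {final_host}")

    return len(reasons), reasons


# Constructed sample mirroring the chain described in the article.
SAMPLE_PHISH = Email(
    sender_display="J. Doe, CFO",
    sender_domain="pharma-distributor.example",
    body="Please review the attached agreement. The password for the document is: Q3-2025",
    attachments=[Attachment("agreement.pdf", "application/pdf", encrypted=True)],
    redirect_chain=[
        "https://app.simplified-ai.example/p/share/abc123",
        "https://m365-secure-portal.example/login",
    ],
)

if __name__ == "__main__":
    score, why = score_email(SAMPLE_PHISH)
    print(score, why)
```

A single indicator (an encrypted PDF from a partner, say) is common in legitimate mail, so the value is in the combination: a score of three or four on one message is a strong signal that warrants quarantining it and detonating the link, and it is the kind of pattern the mitigations below ask defenders to look for.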
This incident shows how cybercriminals adapt to the widespread use of AI tools in corporate settings. Marketing platforms like Simplified AI are frequently allow-listed by IT departments to ease employee access, so a link pointing to one of them passes filters that would stop an unknown domain.

Mitigations

Security professionals suggest several measures to safeguard against such threats:

  • Implement multi-factor authentication across essential services
  • Educate employees on handling password-protected attachments
  • Monitor all AI platform usage, including unauthorized applications
  • Continuously inspect AI traffic without implicit trust
  • Deploy advanced threat detection systems to identify suspicious patterns

This incident serves as a reminder for organizations to reevaluate their AI platform security strategies, ensuring AI traffic is scrutinized similarly to unknown domains, while balancing security with business innovation.
