An attack campaign using advanced cyber-espionage techniques launched against Office 365’s Outlook Web App users in an attempt to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets.

The group behind the attack used an interesting technique against organizations using OWA; for each attack they used JavaScript code to make it appear that the victims OWA sessions ended while at the same time, tricking them into re-entering their log-in credentials by redirecting victims to fake OWA log-in pages.

 

Further reading material can be found at PC World