Storyline
Microsoft warns of large-scale phishing campaign targeting thousands globally
Microsoft has disclosed a sophisticated phishing campaign that targeted over 35,000 users across more than 13,000 organizations in 26 countries, primarily in the US.
Published 2026-05-04 18:06 UTCUpdated 2026-05-05 16:00 UTC
Current brief openSource links open
This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Microsoft has disclosed a sophisticated phishing campaign that targeted over 35,000 users across more than 13,000 organizations in 26 countries, primarily in the US.
Score total
1.97
Momentum 24h
6
Posts
6
Origins
6
Source types
2
Duplicate ratio
0%
Why now
- The campaign was active recently in April 2026, indicating ongoing threat activity.
- New malware abusing Microsoft Phone Link was first observed in January 2026, showing evolving attack techniques.
- Microsoft's public warnings help organizations strengthen defenses against these sophisticated attacks.
Why it matters
- Phishing campaigns targeting large organizations risk widespread credential theft and account compromise.
- Malware exploiting trusted Microsoft services can bypass traditional mobile security controls.
- Understanding attack methods aids SOC teams in detecting and mitigating similar threats.
Continuity snapshot
- Trend status: insufficient_history.
- Continuity stage: broad_confirmed.
- Current status: open.
- 6 current source-linked posts are attached to this storyline.
All evidence
All evidence
Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-05 16:00 UTC
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
SecurityWeek · securityweek.com · 2026-05-05 14:45 UTC
New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know
redteamsec · any.run · 2026-05-05 13:26 UTC
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
CSO Online · csoonline.com · 2026-05-05 11:05 UTC
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Help Net Security · helpnetsecurity.com · 2026-05-05 11:04 UTC
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
The Hacker News · thehackernews.com · 2026-05-05 06:35 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -
Showing 6 / 0
Top publishers (this list)
- Infosecurity Magazine (1)
- SecurityWeek (1)
- redteamsec (1)
- CSO Online (1)
- Help Net Security (1)
- The Hacker News (1)
Top origin domains (this list)
- infosecurity-magazine.com (1)
- securityweek.com (1)
- any.run (1)
- csoonline.com (1)
- helpnetsecurity.com (1)
- thehackernews.com (1)