
Microsoft 365’s Direct Send feature has been exploited to circumvent email security measures.

Cybersecurity researchers have identified a spear phishing campaign that abuses Microsoft 365’s Direct Send feature to bypass traditional email security controls and deliver hyper-personalised credential theft attacks. The campaign pairs technical abuse of a legitimate Microsoft service with social engineering polished enough to disarm even seasoned security professionals.

Direct Send exists so that devices and applications inside an organisation (printers, scanners, line-of-business apps) can hand mail to the tenant’s smart host without authenticating. The attackers connect to that same smart host from outside the organisation and submit messages whose From address belongs to the victim’s own domain. Because the mail enters through the tenant’s own inbound endpoint, it is handled as trusted internal traffic: SPF, DKIM and DMARC are not enforced the way they would be for external mail, so the spoofed sender is not blocked. This lets the threat actors deliver payloads that a conventional email security solution would normally stop.
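As an added example (not code from the article or from StrongestLayer), the following Python script implements the check a mail-security team would run over message headers to spot Direct Send abuse of the kind described above: it looks for messages whose From domain belongs to the tenant but which the tenant’s own inbound smart host (*.mail.protection.outlook.com) accepted from an IP that is not on the list of systems allowed to use Direct Send. The tenant domain, the trusted egress range, the hostnames and all three sample messages are constructed assumptions.

```python
"""Flag Microsoft 365 Direct Send abuse from raw message headers.

Added example, not code from the original article or from StrongestLayer.
Assumptions: the caller knows the tenant's accepted domains and the IP
ranges of every system legitimately allowed to use Direct Send (printers,
on-prem relays). The three sample messages are constructed; hostnames
follow the Exchange Online Protection naming pattern and IPs come from the
RFC 5737 / RFC 3849 documentation ranges.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# "from <helo> (<ip>)" or "from <helo> (<rdns> [<ip>]) by <host>" as EOP writes it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s()\[\]]+\s+)?\[?(?P<ip>[0-9a-fA-F.:]+)\]?\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
SMART_HOST_SUFFIX = ".mail.protection.outlook.com"


def parse_received(value):
    """Return (connecting_ip, receiving_host) for one Received header, else None."""
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    try:
        return ip_address(m.group("ip")), m.group("by").lower().rstrip(";")
    except ValueError:
        return None


def smart_host_hop(msg):
    """The hop at which the tenant's inbound smart host accepted the message, if any."""
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop and hop[1].endswith(SMART_HOST_SUFFIX):
            return hop
    return None


def auth_results(msg):
    """spf/dkim/dmarc verdicts from the Authentication-Results headers (first wins)."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in AUTH_RE.findall(value):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts


def detect_direct_send(raw, tenant_domains, trusted_egress):
    """Return {'suspicious': bool, 'reasons': [...]} for one raw RFC 5322 message.

    A message is flagged only when the From domain belongs to the tenant AND
    *.mail.protection.outlook.com accepted it from an IP outside trusted_egress.
    Failed or absent SPF/DKIM/DMARC results are attached as supporting evidence
    rather than used as the trigger, because intra-tenant mail commonly shows
    spf=none as well.
    """
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    if from_domain not in {d.lower() for d in tenant_domains}:
        return {"suspicious": False, "reasons": ["sender domain is external"]}
    hop = smart_host_hop(msg)
    if hop is None:
        return {"suspicious": False, "reasons": ["never entered via the inbound smart host"]}
    ip, host = hop
    if any(ip in net for net in trusted_egress):
        return {"suspicious": False, "reasons": [f"{ip} is an allowed Direct Send source"]}
    reasons = [f"{host} accepted mail from '{from_domain}' sent by untrusted IP {ip}"]
    verdicts = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            reasons.append(f"{mech}={verdicts.get(mech, 'missing')} for an internal sender")
    return {"suspicious": True, "reasons": reasons}


TENANT_DOMAINS = {"contoso.com"}                    # assumption: the tenant's accepted domain
TRUSTED_EGRESS = [ip_network("198.51.100.0/24")]    # assumption: on-prem relay allowed to Direct Send

# Constructed: an external host pushes a spoofed internal message straight into the smart host.
ABUSE_SAMPLE = """\
Received: from mail.relay-host.example (203.0.113.10) by
 DM3PEPF00000001.mail.protection.outlook.com (10.10.0.5) with Microsoft SMTP
 Server id 15.20.1.1 via Frontend Transport; Mon, 7 Jul 2025 09:12:31 +0000
Authentication-Results: spf=fail (sender IP is 203.0.113.10)
 smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;
 dmarc=fail action=oreject header.from=contoso.com;
From: Voicemail <voicemail@contoso.com>
To: alice@contoso.com
Subject: New voicemail (0:42)

You have a new voicemail. Open the attached player to listen.
"""

# Constructed: ordinary intra-tenant mail that never touches the inbound smart host.
INTERNAL_SAMPLE = """\
Received: from DM6PR01MB0001.namprd01.prod.outlook.com (2001:db8:1::1) by
 DM6PR01MB0002.namprd01.prod.outlook.com (2001:db8:1::2) with Microsoft SMTP
 Server; Mon, 7 Jul 2025 09:20:00 +0000
Authentication-Results: spf=none; dkim=none; dmarc=none
From: Bob <bob@contoso.com>
To: alice@contoso.com
Subject: Lunch?

Sushi at noon?
"""

# Constructed: the on-prem scanner relaying through the allowed egress range.
RELAY_SAMPLE = """\
Received: from scanner.corp.contoso.com (198.51.100.7) by
 DM3PEPF00000001.mail.protection.outlook.com (10.10.0.5) with Microsoft SMTP
 Server id 15.20.1.1 via Frontend Transport; Mon, 7 Jul 2025 09:25:00 +0000
Authentication-Results: spf=pass (sender IP is 198.51.100.7)
 smtp.mailfrom=contoso.com; dkim=none; dmarc=pass header.from=contoso.com;
From: scanner@contoso.com
To: alice@contoso.com
Subject: Scanned document

Attached.
"""

if __name__ == "__main__":
    for name, raw in (("abuse", ABUSE_SAMPLE), ("internal", INTERNAL_SAMPLE), ("relay", RELAY_SAMPLE)):
        print(name, detect_direct_send(raw, TENANT_DOMAINS, TRUSTED_EGRESS))
```

Run it directly to see the verdict for each sample. Microsoft has since added a tenant-level Reject Direct Send switch (Set-OrganizationConfig -RejectDirectSend $true in Exchange Online PowerShell); because it applies tenant-wide, inventory the senders that would populate TRUSTED_EGRESS before enabling it, since those devices and apps will need another submission path.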

What distinguishes this campaign is its dual-vector approach and the degree of personalisation. Analysts from StrongestLayer detected the attack after their TRACE AI system identified authentication anomalies and behavioural patterns inconsistent with legitimate communications. The attackers used image-based lures to evade text-based security filters and deployed two distinct payload types for impact and stealth.

The infection chain begins with what looks like a voicemail notification from a trusted service such as RingCentral. The email contains no text for a traditional scanner to analyse; the whole notification is a high-fidelity inline image that mimics the real service’s template. The lure creates urgency by urging the recipient to open the attachment to listen to a supposedly important voice message.

The primary vector is a malicious HTML attachment disguised as an audio player, built with a three-stage obfuscation technique: the page contains an <img> tag whose source is deliberately invalid; the failed load fires the tag’s onerror handler; and that handler Base64-decodes and executes the JavaScript hidden inside it. Nothing in the file reads as script until the victim’s own browser decodes it, so a text-based scanner sees only an innocuous-looking player page.

The secondary vector is a malicious SVG attachment. It exploits the fact that many security filters treat SVG files as safe images rather than as potentially executable content, even though SVG is XML and can carry <script> elements and event handlers. These files contain embedded JavaScript wrapped in additional custom encoding layers designed to defeat automated analysis.
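The three-stage HTML pattern and the SVG vector described above can be triaged statically. The following Python script is an added example, not code from the article or from StrongestLayer: it parses an HTML or SVG attachment, collects every on* handler and <script> body, peels nested atob() and String.fromCharCode() layers (one common form of "custom encoding" in such lures; other encodings would need their own decoder), and reports the execution sinks and URLs it finds. The two lure documents and the benign notification are constructed, and the decoded script only points at a reserved .example hostname.

```python
"""Static triage of HTML and SVG lures that hide JavaScript behind event
handlers and encoding layers.

Added example, not code from the original article or from StrongestLayer.
It generalises the pattern the article describes (broken <img> -> onerror
-> Base64 decode -> execute) to any on* handler or <script> element and
peels nested atob()/String.fromCharCode() literals. The lure documents
below are constructed; the decoded script only points at a reserved
.example hostname.
"""
import base64
import re
from html.parser import HTMLParser

ATOB_RE = re.compile(r"""atob\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)""")
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")
# Execution or navigation sinks that a voicemail "player" has no reason to call.
SINKS = ("eval(", "Function(", "document.write(", "location.href", "location=", "window.open(")


def peel(text, depth=0, max_depth=6):
    """Recursively decode atob()/fromCharCode() literals; returns [(depth, kind, decoded)]."""
    layers = []
    if depth >= max_depth:
        return layers
    for m in ATOB_RE.finditer(text):
        try:
            raw = base64.b64decode(re.sub(r"\s+", "", m.group(1)), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        decoded = raw.decode("utf-8", "replace")
        layers.append((depth + 1, "atob", decoded))
        layers.extend(peel(decoded, depth + 1, max_depth))
    for m in FROMCHARCODE_RE.finditer(text):
        try:
            decoded = "".join(chr(int(c)) for c in re.findall(r"\d+", m.group(1)))
        except ValueError:  # code point out of range
            continue
        layers.append((depth + 1, "fromCharCode", decoded))
        layers.extend(peel(decoded, depth + 1, max_depth))
    return layers


class LureScanner(HTMLParser):
    """Collect inline scripts and on* handlers; count <img> tags wired to onerror."""

    def __init__(self):
        super().__init__()
        self.scripts = []        # (origin, javascript source)
        self.img_onerror = 0
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on") and value:
                self.scripts.append((f"<{tag} {name}>", value))
                if tag == "img" and name == "onerror":
                    self.img_onerror += 1
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            text = "".join(self._script_buf).strip()
            self._script_buf = []
            if text:
                self.scripts.append(("<script>", text))

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)


def triage(document):
    """Return a report dict whose 'verdict' is 'malicious' or 'clean'."""
    scanner = LureScanner()
    scanner.feed(document)
    scanner.close()
    layers, sinks, urls = [], set(), set()
    for _origin, code in scanner.scripts:
        found = peel(code)
        layers.extend(found)
        for text in [code] + [decoded for _, _, decoded in found]:
            compact = re.sub(r"\s+", "", text)
            sinks.update(s for s in SINKS if s in compact)
            urls.update(URL_RE.findall(text))
    # An <img> wired to onerror is the lure signature itself; otherwise require
    # at least one decoded layer that reaches an execution or navigation sink.
    malicious = scanner.img_onerror > 0 or (bool(layers) and bool(sinks))
    return {
        "verdict": "malicious" if malicious else "clean",
        "img_onerror": scanner.img_onerror,
        "handlers": [origin for origin, _ in scanner.scripts],
        "layers": layers,
        "sinks": sorted(sinks),
        "urls": sorted(urls),
    }


def _b64(js):
    return base64.b64encode(js.encode()).decode()


# Constructed final stage: redirect the victim to a credential-harvesting page.
STAGE3_JS = "location.href='https://voicemail-login.example/play?id=7731';"

# Vector 1 (constructed): HTML "audio player" whose broken <img> fires onerror.
LURE_HTML = (
    "<html><body><h2>New voicemail (0:42)</h2>"
    "<audio controls src='message.mp3'></audio>"
    f"<img src='x' onerror=\"eval(atob('{_b64(STAGE3_JS)}'))\">"
    "</body></html>"
)

# Vector 2 (constructed): SVG whose <script> wraps the same Base64 stage in a
# String.fromCharCode() layer, so neither 'atob' nor the URL appears in clear.
_STAGE2_JS = f"eval(atob('{_b64(STAGE3_JS)}'))"
LURE_SVG = (
    "<svg xmlns='http://www.w3.org/2000/svg' width='200' height='50'>"
    "<text x='0' y='20'>Play message</text>"
    f"<script>eval(String.fromCharCode({','.join(str(ord(c)) for c in _STAGE2_JS)}));</script>"
    "</svg>"
)

# Constructed benign notification for comparison.
CLEAN_HTML = (
    "<html><body><img src='https://cdn.example/logo.png' alt='logo'>"
    "<p>You have a new voicemail. Sign in to the portal to listen.</p></body></html>"
)

if __name__ == "__main__":
    for name, doc in (("html", LURE_HTML), ("svg", LURE_SVG), ("clean", CLEAN_HTML)):
        report = triage(doc)
        print(name, report["verdict"], report["handlers"], report["sinks"], report["urls"])
        for depth, kind, decoded in report["layers"]:
            print(f"  layer {depth} via {kind}: {decoded}")
```

The scanner only decodes literal arguments; a lure that assembles its Base64 string from variables or fetches it at runtime will still be caught by the <img onerror> rule but not fully unpacked, which is the point at which dynamic (sandboxed browser) analysis takes over.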
