Weaponizing Microsoft 365 Direct Send to Bypass Email Security Defenses

Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate corporate email systems.

The campaign, initially flagged by StrongestLayer’s AI system TRACE, masqueraded as innocuous voicemail notifications from services like RingCentral, but forensic analysis revealed a calculated blend of authentication bypasses, obfuscated payloads, and hyper-personalized lures designed to harvest credentials from even vigilant users.

This incident underscores the evolving tactics of adversaries who weaponize legitimate cloud features against enterprise defenses, highlighting the critical intersection of automated AI detection and human-led investigation.

Sophisticated Spear Phishing Campaign

The attack chain began with emails exhibiting header anomalies that TRACE identified as inconsistent with legitimate traffic, including failures in SPF, DKIM, and DMARC authentication protocols.

These messages originated from unauthorized IP addresses tied to generic hosting providers in the US and Israel, yet they traversed internal smart hosts like company.mail.protection.outlook.com via Direct Send, a Microsoft 365 mechanism allowing unauthenticated SMTP submissions.

This exploitation enabled the emails to appear as trusted internal communications, evading standard perimeter filters.

Jeremy noted that the relay paths showed clear signs of SmtpServer.Submit usage, with SPF softfails and dkim=none indicators, effectively masking the malicious intent and allowing delivery without raising immediate alarms in legacy security gateways.

Dual-Payload Delivery

Delving deeper, the lure relied on high-fidelity inline images to convey urgent calls-to-action, such as “You have a new voice message,” bypassing natural language processing and keyword-based scanners that depend on textual content.

(Image: call-to-action messages)

This visual obfuscation technique ensured the emails slipped past traditional defenses, prompting users to engage with attachments disguised as audio playback files.

The payloads arrived in two forms: HTML files with names following the pattern “Play_Audio_vm_…html” and SVG files, both embedding heavily obfuscated JavaScript for credential theft.

In the HTML vector, an invalid tag triggered an onerror event that decoded Base64-encoded scripts via the atob function, dynamically fetching phishing pages from remote servers while pre-filling forms with the victim’s email taken from data attributes.

(Image: Microsoft 365 pre-filled login forms)

The SVG alternative, often overlooked as benign images, incorporated

What elevated the attack’s potency was its deep personalization: scripts pulled corporate logos and branding elements based on the target’s domain, rendering phishing interfaces indistinguishable from legitimate Microsoft 365 login portals and eroding user skepticism through familiar visual cues.

Reconstructing the timeline, attackers initiated compromise using PowerShell to exploit Direct Send, followed by image-based engagement leading to payload execution and credential exfiltration.

This sophistication points to reconnaissance-heavy operations, with behavioral patterns suggesting advanced persistent threat actors.

In response, Jeremy’s team deployed interim defenses, including custom header stamping at mail gateways to enforce quarantine on unmarked messages, while advocating for Microsoft’s official patches.

StrongestLayer recommends enhancing header scrutiny for Direct Send indicators, restricting HTML and SVG attachments from external sources, enforcing strict DMARC reject policies, and implementing behavioral monitoring for authentication anomalies.
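The header indicators described above (SPF softfail, dkim=none, and a relay path that enters the tenant's mail.protection.outlook.com host directly from an outside IP while the From claims an internal sender) can be checked mechanically. The script below is an added example, not code from StrongestLayer or the firm involved; the sample headers, the tenant domain and MX host name, and the allowed-submitter range are all constructed, and the "direct-send" heuristic is an assumption about how such a gateway rule would be written.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample (domain, IPs and host names are made up): an outside IP submits straight to the tenant MX.
SAMPLE_DIRECT_SEND = """\
Received: from 203.0.113.45 (203.0.113.45) by
 example-com.mail.protection.outlook.com (10.0.0.5) with Microsoft SMTP Server id 15.20.8000.1;
 Tue, 1 Jul 2025 09:10:10 +0000
Authentication-Results: spf=softfail (sender IP is 203.0.113.45)
 smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none;
 dmarc=fail action=none header.from=example.com;
From: "Voicemail Service" <voicemail@example.com>
Subject: You have a new voice message
"""

TENANT_DOMAIN = "example.com"  # assumed tenant values for this example
TENANT_MX_HOST = "example-com.mail.protection.outlook.com"
ALLOWED_SUBMITTERS = [ipaddress.ip_network("198.51.100.0/24")]  # devices that legitimately use Direct Send
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
HOP_RE = re.compile(r"from\s+\S+\s+\(\[?([0-9a-fA-F.:]+)\]?\)\s+by\s+(\S+)", re.IGNORECASE)

def first_external_hop(msg):
    """IP of the host that handed the message to the tenant's MX, or None if no such hop exists."""
    for received in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(received.split()))  # unfold the header before matching
        if m and m.group(2).lower() == TENANT_MX_HOST:
            return ipaddress.ip_address(m.group(1))
    return None

def direct_send_findings(raw):
    """Indicator strings for one raw message; an empty list means nothing suspicious."""
    msg = message_from_string(raw, policy=policy.default)
    auth = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(header):
            auth.setdefault(mech.lower(), verdict.lower())  # keep the first verdict per mechanism
    findings = [f"{k}={auth[k]}" for k in ("spf", "dkim", "dmarc") if auth.get(k) in ("softfail", "fail", "none")]
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    hop = first_external_hop(msg)
    if hop is not None and from_domain == TENANT_DOMAIN and not any(hop in net for net in ALLOWED_SUBMITTERS):
        findings.append(f"direct-send: internal From via MX from unlisted IP {hop}")
    return findings

def should_quarantine(raw):
    """Gateway rule: an unlisted Direct Send hop combined with failed SPF or DMARC gets quarantined."""
    f = direct_send_findings(raw)
    return any(x.startswith("direct-send") for x in f) and any(x.startswith(("spf=", "dmarc=")) for x in f)
```

A message from a printer in the allowed range with spf=pass only yields dkim=none and is not quarantined, which keeps legitimate Direct Send devices working while the spoofed internal sender from an unlisted IP is caught.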

This case illustrates how adversaries are increasingly leveraging cloud-native features like Direct Send to orchestrate stealthy, personalized attacks, urging organizations to integrate AI-driven analytics with rigorous forensic protocols to counter such evolving threats.

As cyber defenses adapt, the collaboration between AI tools and human expertise remains paramount in dismantling these intricate campaigns.
