Midnight Phishing Party: China's Fake Microsoft App Just Stole Your Defense Contractor Credentials While You Slept

Midnight Phishing Party: China's Fake Microsoft App Just Stole Your Defense Contractor Credentials While You Slept

From Red Alert: China's Daily Cyber Moves by Inception Point Ai

May 20, 2026 · 5 min

About this episode

The episode discusses a phishing attack targeting U.S. defense contractors by Chinese state-aligned actors using a fake Microsoft app.

This is your Red Alert: China's Daily Cyber Moves podcast. I’m Alexandra Reeves, and this is Red Alert: China’s Daily Cyber Moves. We start just after midnight on the East Coast, when network telemetry firms pick up a fresh phishing wave targeting U.S. defense contractors. According to Verizon’s 2026 Data Breach Investigations Report, Chinese state-aligned actors have shifted hard into credential-theft phishing with browser-in-the-browser overlays. Tonight’s lure pretends to be a shared “EU-NATO cyber drill” document. The payload? A custom variant of the PlugX remote access tool, rebuilt to look like legitimate Microsoft traffic. By 01:30, a managed security operations center in Northern Virginia notices anomalous OAuth consents in a logistics firm that supports Pacific Fleet movements out of San Diego and Pearl Harbor. Tokens are being granted to a fake app mimicking Microsoft Entra ID. The pattern matches what the Frontier Risk Report from METR warned about this week: more automated, AI-assisted campaigns that adapt in real time to security controls, rotating infrastructure and tweaking lure text as filters catch up. Around 02:15, CISA and the FBI push out an emergency joint…

People in this episode

Host: Alexandra Reeves

Topics covered

  • cybersecurity
  • phishing
  • credential theft
  • China
  • defense contractors
  • malware
  • emergency advisory

Keywords

  • phishing
  • cyber attack
  • credential theft
  • PlugX
  • Microsoft Entra ID
  • CISA
  • FBI
  • defense contractors
  • cybersecurity

Mentioned in this episode

Organizations: Verizon, CISA, FBI, METR

Products: Microsoft Entra ID, PlugX

Places: Northern Virginia, San Diego, Pearl Harbor

More episodes of Red Alert: China's Daily Cyber Moves

Explore listener stats, chart rankings, contacts and more on the Red Alert: China's Daily Cyber Moves podcast page.