Microsoft has identified a multi-stage phishing campaign targeting the energy sector, utilizing compromised SharePoint accounts to deliver malicious links. Attackers leverage trusted identities to send phishing emails and create inbox rules, maintaining persistence while evading detection. Organizations are urged to implement stronger security measures, including phishing-resistant MFA.