Security News > 2022 > July > Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication.
The intrusions entailed setting up adversary-in-the-middle phishing sites, wherein the adversary deploys a proxy server between a potential victim and the targeted website so that recipients of a phishing email are redirected to lookalike landing pages designed to capture credentials and MFA information.
"These sessions mean that the phishing page practically functions as an AitM agent, intercepting the whole authentication process and extracting valuable data from the HTTP requests such as passwords and session cookies."
The phishing campaign spotted by Microsoft was orchestrated to single out Office 365 users by spoofing the Office online authentication page, with the actors using the Evilginx2 phishing kit for carrying out the AitM attacks.
"This AiTM phishing campaign is another example of how threats continue to evolve in response to the security measures and policies organizations put in place to defend themselves against potential attacks," the researchers said.
"While AiTM phishing attempts to circumvent MFA, it's important to underscore that MFA implementation remains an essential pillar in identity security. MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place."
News URL
https://thehackernews.com/2022/07/microsoft-warns-of-large-scale-aitm.html
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)