A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication.
The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia.
The campaign was discovered by Zscaler's ThreatLabz researchers, who report that the operation is still ongoing, and the phishing actors register new phishing domains almost daily.
Notably, many phishing emails originated from the accounts of executives working in these organizations, whom the threat actors most likely compromised earlier.
"A common method of hosting redirection code is making use of web code editing/hosting services: the attacker is able to use those sites, meant for legitimate use by web developers, to rapidly create new code pages, paste into them a redirect code with the latest phishing site's URL, and proceed to mail the link to the hosted redirect code to victims en masse." - Zscaler.
The legitimate email server requests the MFA code during the login process; because the kit sits between the victim and the real service as a proxy, it relays that prompt to the victim, who then enters the OTP on the phishing site, where the kit captures it.