Man-in-the-Middle Phishing Attack

Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.
When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server's response back to the user.
Once authentication was complete, the threat actor stole the session cookie that the legitimate site sent, the cookie that spares the user from being reauthenticated at every new page visited.
The campaign began with a phishing email with an HTML attachment leading to the proxy server.
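A stolen session cookie is only useful when it is replayed, so one place to look for this attack is the server's own access records. The following is an added example, not code from Microsoft or the linked article: a heuristic that flags any session whose cookie is later presented from a different IP address or user agent than the one that completed authentication. The record layout, session names and addresses are constructed for illustration, and legitimate network changes (VPN, mobile roaming) will also trigger it.

```python
from collections import defaultdict

# Constructed sample records, not data from the campaign:
# (timestamp, session_id, client_ip, user_agent, event)
SAMPLE_LOG = [
    ("2022-08-01T09:00:02Z", "sess-A", "203.0.113.10", "Edge/103 Windows", "login_ok"),
    ("2022-08-01T09:00:05Z", "sess-A", "203.0.113.10", "Edge/103 Windows", "GET /mail"),
    ("2022-08-01T09:01:10Z", "sess-B", "198.51.100.7", "Chrome/103 Windows", "login_ok"),
    ("2022-08-01T09:01:15Z", "sess-B", "198.51.100.7", "Chrome/103 Windows", "GET /mail"),
    ("2022-08-01T09:20:41Z", "sess-B", "192.0.2.66", "Firefox/102 Linux", "GET /mail"),
    ("2022-08-01T09:21:03Z", "sess-B", "192.0.2.66", "Firefox/102 Linux", "POST /mail/rules"),
]


def find_reused_sessions(records):
    """Return {session_id: [findings]} for sessions whose cookie was presented
    by a client that differs from the one that completed authentication."""
    baseline = {}                 # session_id -> (ip, user_agent) seen at login
    findings = defaultdict(list)
    # Fixed-format ISO 8601 UTC timestamps sort chronologically as strings.
    for ts, sid, ip, ua, event in sorted(records):
        if event == "login_ok":
            baseline[sid] = (ip, ua)
            continue
        if sid not in baseline:
            # Cookie used with no recorded login: report it separately.
            findings[sid].append((ts, ip, "no login seen for this session"))
            continue
        base_ip, base_ua = baseline[sid]
        changed = [name for name, old, new in
                   (("ip", base_ip, ip), ("user_agent", base_ua, ua)) if old != new]
        if changed:
            findings[sid].append((ts, ip, "changed: " + ", ".join(changed)))
    return dict(findings)


if __name__ == "__main__":
    for sid, hits in find_reused_sessions(SAMPLE_LOG).items():
        for ts, ip, reason in hits:
            print(f"{sid} {ts} {ip} {reason}")
```

Because the proxy site performs the login itself, the baseline here is the proxy's address; the heuristic fires when the cookie is subsequently used from somewhere else.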
News URL
https://www.schneier.com/blog/archives/2022/08/man-in-the-middle-phishing-attack.html