Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising an open-source phishing kit for deploying adversary-in-the-middle (AitM) campaigns.
According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."
An AitM campaign is more difficult to detect than other types of phishing attacks because it doesn't rely on a spoofed email or website.
If the user has entered their credentials on the phishing page and has multi-factor authentication enabled for logging in to their real account, the phishing kit keeps running and activates its MFA bypass capabilities.
The phishing kit logs in to the legitimate service using the stolen credentials, then forwards the MFA request to the user, who responds to it.
Microsoft has observed millions of phishing emails sent every day by attackers using this kit, but its spread might be even wider.