Security News > 2023 > March > Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign.

According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."

An AitM campaign is more difficult to detect than other types of phishing attacks because it doesn't rely on a spoofed email or website.

If the user has provided the phishing page with their credentials and enabled multi-factor authentication to log in to their real account, the phishing kit stays in function to activate its MFA bypass capabilities.

The phishing kit logs in to the legitimate service using the stolen credentials, then forwards the MFA request to the user, who provides it.

Microsoft has observed millions of phishing emails sent every day by attackers using this kit, but its diffusion might be even larger.

News URL

https://www.techrepublic.com/article/adversary-in-the-middle-phishing-campaign-bypasses-mfa-mimics-office/