Security News > 2023 > March > Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign.
According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."
An AitM campaign is more difficult to detect than other types of phishing attacks because it doesn't rely on a spoofed email or website.
If the user has provided the phishing page with their credentials and enabled multi-factor authentication to log in to their real account, the phishing kit stays in function to activate its MFA bypass capabilities.
The phishing kit logs in to the legitimate service using the stolen credentials, then forwards the MFA request to the user, who provides it.
Microsoft has observed millions of phishing emails sent every day by attackers using this kit, but its diffusion might be even larger.
News URL
Related news
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)