Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations
"Dozens" of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that used adversary-in-the-middle (AitM) techniques to carry out the attacks.
"Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee's account and executed an 'adversary-in-the-middle' attack to bypass Office365 authentication and gain persistence access to that account," Sygnia researchers said in a report shared with The Hacker News.
"Once gaining persistence, the threat actor exfiltrated data from the compromised account and used his access to spread the phishing attacks against other victim's employees along with several external targeted organizations."
The findings come less than a week after Microsoft detailed a similar combination of AitM phishing and a BEC attack aimed at banking and financial services organizations.
In the attack chain documented by Sygnia, the attacker was observed sending a phishing email containing a link to a purported "Shared document" that ultimately redirected the victim to an AitM phishing page designed to harvest the entered credentials and one-time passwords.
"In addition to exfiltration of sensitive data from the victim's account, the threat actor used this access to send new phishing emails containing the new malicious link to dozens of the client's employees as well as additional targeted organizations," Sygnia researchers said.
News URL
https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html