Security News > 2023 > August > EvilProxy phishing campaign targets 120,000 Microsoft 365 users
EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails sent to over a hundred organizations to steal Microsoft 365 accounts.
A new phishing campaign observed by Proofpoint since March 2023 is using the EvilProxy service to send emails that impersonate popular brands like Adobe, DocuSign, and Concur.
Eventually, the victim lands on an EvilProxy phishing page that reverse proxies the Microsoft 365 login page, which also features the victim's organization theme to appear authentic.
Once a Microsoft 365 account is compromised, the threat actors add their own multi-factor authentication method to establish persistence.
Reverse proxy phishing kits, and EvilProxy in particular, are a growing threat capable of delivering high-quality phishing at dangerous scales while bypassing security measures and account protections.
Russian hackers target govt orgs in Microsoft Teams phishing attacks.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Microsoft 365 users hit by random product deactivation errors (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)