Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A phishing campaign leveraging the EvilProxy phishing-as-a-service tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world.
As organizations increasingly employ multi-factor authentication, threat actors have switched to using phishing services such as EvilProxy, which uses reverse proxy and cookie injection methods to steal authentication credentials and session cookies.
"This relatively simple and low-cost interface has opened a floodgate of successful MFA phishing activity. One such interface and toolkit is EvilProxy, an all-inclusive phishing kit that is easy to acquire, configure, and set up."
Between March and June 2023, Proofpoint researchers detected a new phishing campaign targeting Microsoft 365 user accounts.
About 120,000 phishing emails were sent to targeted organizations impersonating legitimate services such as DocuSign, Adobe, and SAP Concur.
When the victim clicks on the email link, they are first directed to a legitimate website and then redirected through a series of other websites, finally landing on the phishing page created by EvilProxy, which mimics recipient branding and attempts to handle third-party identity providers.
News URL
https://www.helpnetsecurity.com/2023/08/10/evilproxy-microsoft-365/