Security News > 2023 > August > Microsoft 365 accounts of execs, managers hijacked through EvilProxy

A phishing campaign leveraging the EvilProxy phishing-as-a-service tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world.

As organizations increasingly employ multi-factor authentication, threat actors have switched to using phishing services such as EvilProxy, which uses reverse proxy and cookie injection methods to steal authentication credentials and session cookies.

"This relatively simple and low-cost interface has opened a floodgate of successful MFA phishing activity. One such interface and toolkit is EvilProxy, an all-inclusive phishing kit that is easy to acquire, configure, and set up."

Between March and June 2023, Proofpoint researchers detected an new phishing campaign targeting Microsoft 365 user accounts.

About 120,000 phishing emails were sent to targeted organizations impersonating legitimate services such as DocuSign, Adobe, and SAP Concur.

When the victim clicks on the email link, they are first directed to a legitimate website and then redirected through a series of other websites, to finally land on the phishing page created by EvilProxy, which mimicks recipient branding and attempts to handle third-party identity providers.

News URL

https://www.helpnetsecurity.com/2023/08/10/evilproxy-microsoft-365/