Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A phishing campaign leveraging the EvilProxy phishing-as-a-service tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world.
As organizations increasingly employ multi-factor authentication, threat actors have switched to using phishing services such as EvilProxy, which uses reverse proxy and cookie injection methods to steal authentication credentials and session cookies.
"This relatively simple and low-cost interface has opened a floodgate of successful MFA phishing activity. One such interface and toolkit is EvilProxy, an all-inclusive phishing kit that is easy to acquire, configure, and set up."
Between March and June 2023, Proofpoint researchers detected a new phishing campaign targeting Microsoft 365 user accounts.
About 120,000 phishing emails were sent to targeted organizations impersonating legitimate services such as DocuSign, Adobe, and SAP Concur.
When the victim clicks on the email link, they are first directed to a legitimate website and then redirected through a series of other websites before finally landing on the phishing page created by EvilProxy, which mimics recipient branding and attempts to handle third-party identity providers.
News URL
https://www.helpnetsecurity.com/2023/08/10/evilproxy-microsoft-365/