Security News > 2023 > August > Massive EvilProxy Phishing Attack Campaign Bypasses 2FA, Targets Top-Level Executives
New research from Proofpoint exposes a new massive credential phishing attack campaign aimed at top-level executives in more than 100 organizations worldwide.
This cybersecurity attack leverages the EvilProxy phishing kit and bypasses two-factor authentication.
Daniel Blackford, threat researcher at Proofpoint, told TechRepublic that EvilProxy is sold in underground forums and Telegram channels, and added that "The basic version of EvilProxy costs a few hundred dollars, but it depends on many parameters like: feature set, number of targeted users, etc."
The user lands on the EvilProxy phishing website, which in this campaign is a Microsoft login page functioning as a reverse proxy.
This attack campaign sent approximately 120,000 phishing emails to hundreds of targeted organizations worldwide between March and June 2023, with the goal to steal users' Microsoft 365 cloud credentials.
While the goal of this attack campaign remains unknown, this kind of attack generally leads to financial fraud or sensitive data exfiltration.
News URL
https://www.techrepublic.com/article/evilproxy-phishing-attack/
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation (source)
- CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users (source)