Security News > 2024 > November > Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
2024-11-29 10:06
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
News URL
https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Massive botnet hits Microsoft 365 accounts (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Microsoft links recent Microsoft 365 outage to buggy update (source)