Security News > 2025 > January > New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
2025-01-17 10:07
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting
News URL
https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.html
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Microsoft 365 users hit by random product deactivation errors (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)