AiTM Phishing Campaign Targets +10,000 Orgs Since 2021 – Expert Comments

By ISBuzz Team
Writer, Information Security Buzz | Jul 15, 2022 06:02 am PST

Security Affairs reported on a Microsoft analysis of a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled MFA.

– The landing pages used in this campaign were designed to target the Office 365 authentication process by posing as the Office online authentication page. Microsoft researchers noticed that the operators behind this campaign use the Evilginx2 phishing kit as their AiTM infrastructure.

– Microsoft recommends that organizations adopt “phish-resistant” MFA implementations by using solutions that support Fast IDentity Online (FIDO) v2.0 and certificate-based authentication.

1 Expert Comment
Garret F. Grajek
July 15, 2022 2:02 pm

“Phishing is still the #1 attack vector with identities being their primary target. An identity is a pass key into an enterprise’s resources. Why hack the security components when the key to the front door is available? It can never be stated enough how much identities, especially ghost, legacy, stale accounts must be discovered and eliminated. It’s these stale accounts that allow hackers to stay resident.”
