The victim is then taken to a page where they are instructed to enter their email address, followed by a second CAPTCHA page. The user is then told that the verification has been successfully completed and is asked to sign in to their Microsoft account.

This last step of the attack involves adversary-in-the-middle (AitM) phishing, in which the attacker proxies the session to capture authentication tokens and gain immediate access to the targeted account.

“Unlike traditional credential harvesting, AiTM attacks intercept authentication traffic in real time, bypassing non-phishing-resistant multifactor authentication (MFA),” Microsoft noted.

Enterprises at risk of being targeted in this and similar phishing campaigns have been provided with recommendations for mitigating attacks, as well as threat-hunting queries and indicators of compromise (IoCs).

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Source: SecurityWeek