"Phishers Use Custom Phishing Kit to Hijack MFA-Protected Enterprise Microsoft Accounts"
According to Zscaler researchers, an ongoing large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy, and Manufacturing sectors in the US, UK, New Zealand, and Australia. To hijack enterprise Microsoft accounts, the attackers combine several techniques and tactics for circumventing corporate email security solutions with a custom phishing kit that allows them to bypass multi-factor authentication (MFA) protection. After a compromise, the attackers were seen logging into the hijacked account to read emails and examine the user's profile information. According to the researchers, the threat actor behind the campaign uses cloaking and browser fingerprinting techniques to evade automated URL analysis systems, and URL redirection methods to evade corporate email URL analysis solutions. To host the URL redirection code, the attackers use online code editing services such as CodeSandbox and Glitch, as well as open redirect pages hosted by Google Ads and Snapchat. This article continues to discuss findings regarding the ongoing large-scale phishing campaign targeting business email account owners.