"Large-Scale Phishing Campaign Bypasses MFA"

Microsoft researchers discovered a massive phishing campaign that can steal credentials even if a user has enabled multi-factor authentication (MFA). The campaign has been running since September 2021 and has attempted to compromise more than 10,000 organizations. It relies on adversary-in-the-middle (AiTM) phishing sites to steal credentials and hijack session cookies in the initial attacks. Attackers can then gain access to victims' mailboxes and launch additional attacks against other targets, according to the Microsoft Threat Intelligence Center (MTIC). In AiTM attacks, a threat actor places a proxy server between a target user and the website the user wishes to visit, which is the site the attacker wishes to impersonate. The attacker can then intercept and steal the target's password as well as the session cookie, which proves the user's ongoing and authenticated session with the website. This article continues to discuss the AiTM attacks observed by MTIC.

Threatpost reports "Large-Scale Phishing Campaign Bypasses MFA"
