"Microsoft Warns of Multi-Stage AiTM Phishing and BEC Attacks"

Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and Business Email Compromise (BEC) attacks targeting financial service organizations. In AiTM phishing, threat actors place a proxy server between a target user and the website the user wants to access, which is the phishing website under the attackers' control. The proxy server gives attackers access to the traffic, allowing them to steal passwords and session cookies. Microsoft found that the attackers initially compromised a trusted vendor before launching AiTM attacks and follow-on BEC activities against multiple organizations. This campaign is notable for its use of an indirect proxy, which gave perpetrators control and flexibility in tailoring phishing pages to their intended victims. Microsoft attributes the attacks to the emerging cluster "Storm-1167". This article continues to discuss Microsoft researchers' warning of AiTM phishing and BEC attacks targeting banking and financial organizations.

Security Affairs reports "Microsoft Warns of Multi-Stage AiTM Phishing and BEC Attacks"

Submitted by Anonymous on