"Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives"
Threat actors are increasingly using a Phishing-as-a-Service (PhaaS) toolkit called EvilProxy to conduct account takeover attacks targeting high-ranking executives at well-known companies. According to Proofpoint, an ongoing hybrid campaign used the service to target thousands of Microsoft 365 user accounts, sending about 120,000 phishing emails to hundreds of organizations across the globe between March and June 2023. Nearly 39 percent of the hundreds of compromised users are C-level executives, including CEOs and CFOs. Additionally, the attacks have targeted employees with access to financial assets or sensitive data. At least 35 percent of compromised users had enabled additional account protections. The campaigns are viewed as a response to the increased adoption of multi-factor authentication (MFA) in enterprises. That adoption has prompted threat actors to evolve their tactics to circumvent new security layers by incorporating Adversary-in-the-Middle (AitM) phishing kits to steal credentials, session cookies, and one-time passwords. This article continues to discuss threat actors increasingly using the EvilProxy PhaaS.
THN reports "Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives"