Microsoft researchers have discovered a huge phishing campaign that has so far attempted to penetrate more than 10,000 companies and can steal credentials even if a user has multi-factor authentication (MFA) enabled.
Using adversary-in-the-middle (AiTM) attacks, the attackers hijacked sign-in sessions, skipped authentication, and stole credentials. They then used victim mailboxes to launch business email compromise (BEC) attacks against new targets. The campaign, which has been going on since September 2021, uses AiTM phishing sites in the early attacks to hijack session cookies and steal credentials.
Attackers can then access the victims' mailboxes, which allows them to conduct further attacks against other targets, according to the Microsoft 365 Defender Research Team of the Microsoft Threat Intelligence Center (MTIC).