Key points
Corporate users of Microsoft’s email services are the main targets of this large-scale phishing campaign.
All these phishing attacks begin with an email sent to the victim with a malicious link.
The campaign is active at the time of blog publication and new phishing domains are registered almost every day by the threat actor.
In some cases, the business emails of executives were compromised using this phishing attack and later used to send further phishing emails as part of the same campaign.
Some of the key industry verticals such as FinTech, Lending, Insurance, Energy and Manufacturing in geographical regions such as the US, UK, New Zealand and Australia are targeted.
A custom proxy-based phishing kit capable of bypassing multi-factor authentication (MFA) is used in these attacks.
Various cloaking and browser fingerprinting techniques are leveraged by the threat actor to bypass automated URL analysis systems.
Numerous URL redirection methods are used to evade corporate email URL analysis solutions.
Legitimate online code editing services such as CodeSandbox and Glitch are abused to increase the shelf life of the campaign…
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Large-Scale AiTM Attack targeting enterprise users of Microsoft email services
- This topic has 0 replies, 1 voice, and was last updated 10 months ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Gigabyte motherboards backdoor
by 1 hour, 13 minutes ago
-
numbering in a table
by 4 hours, 6 minutes ago
-
LMDE 5 32-bit dual boot on seperatd drives
by 2 hours, 15 minutes ago
-
Microsoft ends 2017 Surface Book 2 support
by 15 hours, 22 minutes ago
-
My monitors won’t turn on
by 8 hours, 46 minutes ago
-
AMD Software Failed to Launch Because Windows Update Has Replaced the AMD…
by 1 day, 1 hour ago
-
Microsoft : New macOS vulnerability, Migraine, could bypass System Integrity…
by 1 day, 3 hours ago
-
Remove One Drive
by 1 day, 8 hours ago
-
Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release
by 20 hours, 2 minutes ago
-
How to change “User Account Control:Run as administrator”
by 1 day, 13 hours ago
-
Two monitors, want different “fixed” wallpaper on each one
by 1 day, 19 hours ago
-
Microsoft forcing move to Microsoft account?
by 1 day, 17 hours ago
-
Event 2545 Device Management – Enterprise – Diagnostics – Provider
by 1 day, 21 hours ago
-
QBot malware exploits Windows WordPad EXE to take over
by 2 days, 16 hours ago
-
Laptop powers off during KB5026361 update
by 2 days, 16 hours ago
-
How to enable Sleep in Shut down menu?
by 2 days, 17 hours ago
-
Beware of Google’s .ZIP domain and password-embedded URLs
by 1 hour, 40 minutes ago
-
Longstanding feature requests, and their status
by 3 days, 1 hour ago
-
Three typing tutors — no more “hunt and peck”
by 3 days, 1 hour ago
-
Is online banking secure?
by 18 hours, 31 minutes ago
-
Bluetooth audio not working on older Lenovo T420 with Win 10
by 2 days, 7 hours ago
-
Using wildcards in search and replace
by 3 days, 10 hours ago
-
How is Windows XP a security risk?
by 2 hours, 4 minutes ago
-
Is using VPN a good idea?
by 3 days, 7 hours ago
-
How to prevent/disable Bitlocker Automatic Device Encryption?
by 3 days, 18 hours ago
-
Unexplained aspects of installing the latest update of Office 2021
by 3 days, 18 hours ago
-
Getting started with macOS Disk Utility: RAID, images, and repairs
by 4 days, 3 hours ago
-
Getting started with macOS Disk Utility: Resizing, snapshots, and journaling
by 4 days, 3 hours ago
-
Are you ready for AI?
by 21 hours, 7 minutes ago
-
Windows 11 Insider Preview build 25375 released to Canary
by 4 days, 6 hours ago
