Email security, Vulnerability Management

Expansive phishing campaign targets enterprise Microsoft accounts

U.S.-, U.K.-, Australia-, and New Zealand-based fintech, insurance, accounting, lending, and Federal Credit Union organizations using Microsoft email services are being targeted by an ongoing extensive phishing campaign leveraging a custom proxy-based phishing kit for multi-factor authentication evasion and credential compromise, BleepingComputer reports. Business email compromise attacks are seemingly the goal of threat actors behind the campaign, which was initially discovered in June, with payments being redirected to attacker-controlled accounts, according to a report from Zscaler's ThreatLabz researchers. Attackers were found to register typo-squatted versions of U.S. Federal Credit Union domains, as well as leverage sites with domain names pertaining to password reset lures. Moreover, phishing messages contained links to emails that redirect to phishing pages, with the redirections facilitated by legitimate web resources that bypass security checks. Threat actors have also been leveraging the Muraena, Modilshka, and Evilginx2 tools to evade MFA and enable adversary in the middle attacks.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.