Threat actors have launched a widespread business email compromise (BEC) campaign leveraging adversary-in-the-middle (AiTM) techniques to compromise dozens of organizations worldwide, reports The Hacker News.
According to a Sygnia report, one of the targeted organizations was sent a phishing email with a link that redirected to an AiTM phishing page designed to harvest credentials and one-time passwords.
The attackers also used their temporary account access to register a new multi-factor authentication device, establishing persistence.
"In addition to exfiltration of sensitive data from the victim's account, the threat actor used this access to send new phishing emails containing the new malicious link to dozens of the client's employees as well as additional targeted organizations," said researchers, who described the phishing mail distribution as being worm-like.
The campaign comes just days after Microsoft noted that banking and financial services firms were being targeted with combined AiTM and BEC phishing attacks.