Cybercriminals have launched an EvilProxy phishing campaign with the aim of infiltrating thousands of Microsoft 365 user accounts across the globe.
Over a span of three months from March to June, the attackers distributed a barrage of 120,000 phishing emails targeting more than 100 organizations worldwide. The primary objective of this operation was to compromise high-ranking executive accounts, paving the way for subsequent, deeper attacks within these enterprises.
Researchers from Proofpoint have shed light on the ongoing campaign, revealing that it employs a range of phishing strategies, including brand impersonation, scan blocking, and a multi-step infection process.
These tactics have enabled the attackers to successfully seize control of cloud accounts belonging to top-level executives. Notably, over the past half-year, there has been an alarming surge of over 100% in these takeover incidents. These breaches occurred within organizations that collectively represent 1.5 million employees globally.
The attackers leveraged the EvilProxy phishing-as-a-service platform, utilizing reverse proxy and cookie-injection methods. These techniques allowed them to bypass multi-factor authentication (MFA), which is often touted as a defense mechanism against phishing attacks. The use of tools like EvilProxy, which operate as reverse-proxy h
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: