Phishing campaign targets Microsoft corporate accounts

Researchers at Zscaler ThreatLabz have uncovered a large-scale phishing campaign targeting Microsoft email services.

The campaign uses a custom proxy-based phishing kit to bypass multi-factor authentication in order to crack corporate accounts.

The goal is to compromise business emails and redirect payments to bank accounts with forged documents under their control. Targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the United States, United Kingdom, New Zealand, and Australia.

While the phishing campaign pretends to be domains of legitimate platforms, it also uses phishing emails that originate from the accounts of executives of these organizations that the attackers have previously compromised.

The phishing kit used by the attackers uses CodeSandbox and Glitch to help hackers create new redirection routes.

To bypass multi-factor authentication, threat actors use reverse proxies such as Evilginx2, Muraena, and Modilshka to stand between the victim and the email provider’s server.

As soon as the email server requests the MFA code during the login process, the phishing kit forwards this request to the victim, who then enters the OTP into the phishing field.

The data is forwarded to the email service and allows the threat actor to log into the stolen account.

For this particular phishing campaign, the attackers use a custom proxy-based phishing kit that uses the “Beautiful Soup” HTML and XML parsing tool.

The tool allows the kit to easily change legitimate login pages from corporate logins and add its own phishing elements.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web