From thehackernews.com
![AiTM Phishing Attacks](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhenvBjUnkOSZ4cZJBwuWk5vs1CBI_0KRCA6jkSQNm0nv2_JNWw6AgkTvMDsnjSuWBPqMyvz5ZN6_NIwgcBT2VAlbWwiiF16SFTlplaaVD01VK5sdiekM_hyFi6gBh4SLGSw3e_JkXhr54MTIB9kD94Pow80GiYRuE8bxfgMH-F0Gg0OFFvtuzTBRJP/s728-e1000/ms.jpg)
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365’s authentication process even on accounts secured with multi-factor authentication (MFA).
“The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets,” the company’s cybersecurity teams reported.
The intrusions entailed setting up adversary-in-the-middle (AitM) phishing sites, wherein the adversary deploys a proxy server between a potential victim and the targeted website: recipients of a phishing email are redirected to lookalike landing pages that relay the real sign-in flow, so the victim completes the password and MFA steps normally while the proxy captures the credentials and the resulting session cookie in transit.
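Because the victim genuinely satisfies MFA and the attacker then replays the captured cookie, the sign-in the attacker makes usually shows as "MFA not required" from an unrelated network. A defender can hunt for that pattern in sign-in telemetry: a session token issued from one network and later presented from a different autonomous system. The following is an added detection example written for this article; it is not code from Microsoft or from The Hacker News, the `SignIn` field names are an assumed log schema rather than any product's real export format, and the events are constructed samples using documentation IP ranges and private-use ASNs.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SignIn:
    """One sign-in or session-use record. Field names are assumptions, not a real log schema."""
    ts: datetime
    user: str
    session_id: str
    ip: str
    asn: int
    mfa: str  # e.g. "satisfied" on the interactive sign-in, "not_required" on cookie reuse


@dataclass(frozen=True)
class Finding:
    user: str
    session_id: str
    issued_from: Tuple[str, int]  # (ip, asn) where the session was first seen
    reused_from: Tuple[str, int]  # (ip, asn) where it was presented again
    ts: datetime
    reason: str


# Constructed sample telemetry (not real data): RFC 5737 addresses, private-use ASNs.
# alice: token issued after MFA from AS64500, then replayed from AS64501 (the AitM pattern).
# bob:   same token, same address twice (benign).
# carol: same token, different IP but same ASN (e.g. a NAT pool change; benign).
SAMPLE_EVENTS: List[SignIn] = [
    SignIn(datetime(2022, 7, 12, 9, 0), "alice", "S1", "203.0.113.10", 64500, "satisfied"),
    SignIn(datetime(2022, 7, 12, 9, 4), "alice", "S1", "198.51.100.7", 64501, "not_required"),
    SignIn(datetime(2022, 7, 12, 9, 10), "bob", "S2", "203.0.113.11", 64500, "satisfied"),
    SignIn(datetime(2022, 7, 12, 9, 30), "bob", "S2", "203.0.113.11", 64500, "not_required"),
    SignIn(datetime(2022, 7, 12, 10, 0), "carol", "S3", "203.0.113.12", 64500, "satisfied"),
    SignIn(datetime(2022, 7, 12, 10, 20), "carol", "S3", "203.0.113.40", 64500, "not_required"),
]


def detect_session_reuse(events: List[SignIn]) -> List[Finding]:
    """Return one Finding per event in which a session id is presented from a different
    ASN than the one it was first seen from.  Same-ASN IP changes are deliberately
    ignored to keep the rule low-noise; tighten to per-IP if your environment allows."""
    first_seen: Dict[str, SignIn] = {}
    findings: List[Finding] = []
    for ev in sorted(events, key=lambda e: e.ts):
        origin = first_seen.setdefault(ev.session_id, ev)
        if origin is ev:
            continue  # this is the issuing sign-in itself
        if ev.asn != origin.asn:
            findings.append(Finding(
                user=ev.user,
                session_id=ev.session_id,
                issued_from=(origin.ip, origin.asn),
                reused_from=(ev.ip, ev.asn),
                ts=ev.ts,
                reason=(f"session issued after MFA '{origin.mfa}' from AS{origin.asn} "
                        f"was presented from AS{ev.asn} with MFA '{ev.mfa}'"),
            ))
    return findings


if __name__ == "__main__":
    for f in detect_session_reuse(SAMPLE_EVENTS):
        print(f"{f.ts:%Y-%m-%d %H:%M} {f.user} {f.session_id}: {f.reason}")
```

In practice the response to such a finding is to revoke the user's refresh tokens and sessions (not just reset the password), then review the mailbox for new inbox rules or forwarding, since the article notes that mailbox access and follow-on BEC were the attackers' next step. Geo or ASN changes alone produce some false positives (mobile roaming, VPN switches), so the rule is a hunting lead rather than an automatic block.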