A new large-scale phishing campaign is employing a custom proxy-based phishing kit to bypass multi-factor authentication (MFA), together with a variety of URL obfuscation techniques to evade email security software, in order to steal credentials for Microsoft email accounts, according to security researchers at Zscaler. Notably, the campaign has targeted energy companies in the U.S., the U.K., New Zealand, and Australia. Researchers believe the goal of the campaign is to compromise corporate email accounts in order to carry out business email compromise (BEC) attacks. Many of the phishing emails observed in this campaign came from executives at organizations that adversaries had likely compromised earlier, highlighting the need to verify sensitive email requests with the sender through a separate channel. Additionally, the custom proxy-based phishing kit, which bypasses MFA using a technique called an "adversary-in-the-middle" (AiTM) attack, is similar to another massive phishing campaign targeting Microsoft accounts that WaterISAC reported on last month. To assist network defenders, Zscaler has compiled, and will be updating, a list of IOCs to be used for blocking. Read more at BleepingComputer or read the original report at Zscaler.
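Because an AiTM proxy relays the victim's real MFA exchange, the authentication itself looks legitimate; what a defender can look for is the resulting session being reused from a network that did not complete the MFA step. The following is an added example, not code from Zscaler or WaterISAC, and it assumes sign-in telemetry that carries a session identifier and a source ASN enrichment (both assumed field names) over constructed records.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    ts: int        # epoch seconds
    user: str
    session: str   # session/cookie identifier as logged by the identity provider (assumed field)
    asn: str       # autonomous system of the source IP (assumed enrichment)
    kind: str      # "mfa_ok" = MFA challenge completed, "activity" = session reused


# Constructed sample records, not real telemetry.
EVENTS = [
    SignIn(1000, "alice", "s1", "AS64500", "mfa_ok"),
    SignIn(1200, "alice", "s1", "AS64500", "activity"),
    SignIn(1500, "alice", "s1", "AS64501", "activity"),  # same session, different network
    SignIn(2000, "bob", "s2", "AS64500", "mfa_ok"),
    SignIn(2300, "bob", "s2", "AS64500", "activity"),
    SignIn(3000, "carol", "s3", "AS64500", "mfa_ok"),
    SignIn(3000 + 172800, "carol", "s3", "AS64502", "activity"),  # outside the window
]


def find_replayed_sessions(events, window=3600):
    """Return (user, session, mfa_asn, activity_asn) for every session that is
    used from a different ASN than the one that completed MFA, within `window`
    seconds of the MFA event. The window bounds false positives from roaming
    users; tune it to your environment."""
    mfa_by_session = {e.session: e for e in events if e.kind == "mfa_ok"}
    hits = set()
    for e in events:
        if e.kind != "activity" or e.session not in mfa_by_session:
            continue
        m = mfa_by_session[e.session]
        if 0 <= e.ts - m.ts <= window and e.asn != m.asn:
            hits.add((e.user, e.session, m.asn, e.asn))
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_replayed_sessions(EVENTS):
        print("possible session replay:", hit)
```

A hit is a signal to revoke the session and re-challenge the user, not proof of compromise on its own; corroborate it with the sign-in's client and geolocation fields.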