Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group.
The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform Business Email Compromise (BEC) attacks.
As Bleeping Computer reported, the BEC scheme would see payments redirected to hackers' bank accounts through the use of fake documents.
Zscaler, a cloud security company, said the targets were involved in various industries, such as fintech, lending, accounting, insurance and federal credit organizations based in the US, UK, New Zealand and Australia.
At the moment, it seems that the campaign has not yet been properly addressed by Microsoft, with new phishing domains being released almost every day.
The campaign was initially detected in June 2022, with analysts observing a sudden increase in phishing attempts against the aforementioned industries, in addition to Microsoft email service account holders.
Threat actors would embed links in emails, as buttons or HTML files, that would redirect the target to a phishing page. Bleeping Computer points out that some platforms don't see open redirects as a vulnerability, which led to these malicious redirects going through Google Ads, Snapchat and DoubleClick.
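A defender can triage such links before they reach a user. The sketch below is an added example, not code from Zscaler or Bleeping Computer: it pulls link targets out of an email body or HTML attachment and reports any link whose query string carries a URL pointing at a different site. All domains are constructed placeholders, and `same_site` is a simplified comparison.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit
class LinkCollector(HTMLParser):  # gathers href/action targets from the HTML
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v.strip() for k, v in attrs if k in ("href", "action") and v]

def embedded_host(value, max_decodes=3):
    """Host of a URL hidden in a parameter value (decoded repeatedly), or None."""
    for _ in range(max_decodes + 1):
        try:
            parts = urlsplit(value)
        except ValueError:
            return None
        if parts.hostname and parts.scheme in ("", "http", "https"):
            return parts.hostname
        value, previous = unquote(value), value
        if value == previous:  # nothing left to decode
            break
    return None

def same_site(a, b):
    # Simplification: exact or subdomain match only, no public-suffix list.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def find_offsite_redirects(html):
    """Return (link_host, parameter, target_host) for links that forward off-site."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        try:
            outer = urlsplit(url)
        except ValueError:
            continue
        for key, value in parse_qsl(outer.query):
            target = embedded_host(value)
            if outer.hostname and target and not same_site(outer.hostname, target):
                findings.append((outer.hostname, key, target))
    return findings

# Constructed sample body; every domain is a placeholder, not a campaign indicator.
SAMPLE_EMAIL = """
<a href="https://ads.redirector.example/click?id=77&amp;dest=https%3A%2F%2Flogin.phish.example%2Fo365">View</a>
<a href="https://track.redirector.example/r?u=https%253A%252F%252Flogin.phish.example%252F">Open</a>
<a href="https://portal.corp.example/home?next=https%3A%2F%2Fcorp.example%2F">Portal</a>
"""
```

A hit is a triage signal rather than a verdict: legitimate ad and tracking links forward off-site too, so the target host still needs a reputation or allow-list check.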
Businesses and individuals are increasingly turning to multi-factor authentication to secure their accounts. As such, obtaining a login email and password these days will not provide anything of value to hackers.
Custom phishing kits and reverse proxies like Evilginx2, Muraena, and Modlishka have now come into play to bypass MFA on protected accounts.
A phishing proxy that basically acts as an intermediary between the victim and the email provider’s service is capable of mining authentication cookies. Using this method, hackers can use the stolen cookies to log in and completely evade MFA for an account.
For this particular campaign, a custom proxy-based phishing kit was found using the Beautiful Soup HTML and XML parsing tool to modify actual login pages derived from enterprise logins and incorporate phishing elements.
Cyberattacks in general have almost doubled since last year, while Microsoft itself has launched an initiative to combat the rapid increase in cybercrime with its Security Experts program.