M365 adversary-in-the-middle campaign
July 8, 2024, 8:26 p.m.
Description
Field Effect researchers uncovered a previously unreported campaign in which the attacker's tooling identifies itself with the Axios HTTP client's User-Agent string, used to facilitate business email compromise (BEC) against Microsoft 365 (M365) accounts. The threat actor stood up malicious domains impersonating M365 login pages and used an adversary-in-the-middle (AiTM) technique to harvest victims' credentials and multi-factor authentication codes: the phishing site relays the login to the genuine M365 service, so the victim completes a real authentication while the attacker captures what passes through. The investigation found the actor relying on Axios' request and response interceptors to rewrite traffic in transit, making the authentication look legitimate while enabling unauthorized access to the compromised accounts. Legitimate interactive browser sign-ins do not carry the Axios User-Agent, so sign-ins that do are a high-value hunt in M365 sign-in logs, especially when combined with the infrastructure indicators below.
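The following is an added hunting example, not Field Effect's own detection content. It scans Entra ID / M365 sign-in records for the Axios User-Agent and for the infrastructure listed in this report's indicators, and adds a replay heuristic (my assumption, not from the report): a successful non-browser sign-in from a different IP shortly after a browser sign-in by the same user is consistent with an AiTM-harvested authentication being reused. The event field names follow the Entra ID sign-in log export (userPrincipalName, createdDateTime, ipAddress, userAgent, status.errorCode); the SIGN_INS sample is constructed.

```python
"""Hunt M365 / Entra ID sign-in records for the Axios-user-agent AiTM pattern.

Added example; not the report's or Field Effect's code. Field names and the
replay heuristic are assumptions. The sample events are constructed.
"""
from datetime import datetime, timedelta
import re

# Network indicators copied from the report's indicator list.
IOC_IPS = {
    "72.68.160.230", "212.18.104.90", "212.18.104.80", "212.18.104.79",
    "212.18.104.78", "212.18.104.109", "212.18.104.7", "212.18.104.108",
    "212.18.104.107", "154.56.56.200", "194.164.76.149", "92.118.112.53",
    "162.213.251.86", "141.98.233.86", "62.133.61.17", "62.133.61.18",
}
IOC_HOSTS = {"okhyg.unsegin.com", "lsj.logentr.com", "ldn3.p9j32.com"}

# The Axios HTTP client (Node.js) sends "axios/<version>" as its User-Agent;
# an interactive browser login never does.
AXIOS_UA = re.compile(r"^axios/\d+(\.\d+)*", re.IGNORECASE)

# Constructed sample (assumed Entra ID sign-in export shape): alice logs in
# from her browser, then her session is replayed from reported infrastructure.
SIGN_INS = [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2024-07-01T09:00:00Z",
     "ipAddress": "203.0.113.10", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2024-07-01T09:04:30Z",
     "ipAddress": "212.18.104.90", "userAgent": "axios/1.6.8", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2024-07-01T10:00:00Z",
     "ipAddress": "198.51.100.7", "userAgent": "axios/1.6.8", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.com", "createdDateTime": "2024-07-01T11:00:00Z",
     "ipAddress": "198.51.100.9", "userAgent": "Mozilla/5.0 (Macintosh)", "status": {"errorCode": 0}},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def host_matches_ioc(hostname):
    """True if a DNS/proxy hostname is a listed indicator or a subdomain of one."""
    h = hostname.lower().rstrip(".")
    return any(h == ioc or h.endswith("." + ioc) for ioc in IOC_HOSTS)


def flag_event(ev):
    """Reasons a single sign-in record matches the campaign (empty if none)."""
    reasons = []
    if AXIOS_UA.match(ev.get("userAgent", "")):
        reasons.append("axios user agent")
    if ev.get("ipAddress") in IOC_IPS:
        reasons.append("reported AiTM infrastructure IP")
    return reasons


def hunt(events, window=timedelta(minutes=30)):
    """Return findings per suspicious sign-in, with the replay heuristic applied."""
    by_user = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["createdDateTime"])):
        by_user.setdefault(ev["userPrincipalName"], []).append(ev)

    findings = []
    for user, evs in by_user.items():
        for i, ev in enumerate(evs):
            reasons = flag_event(ev)
            if not reasons:
                continue
            ts = parse_ts(ev["createdDateTime"])
            # Assumed heuristic: flagged sign-in follows a successful browser
            # sign-in from another IP inside the window -> likely AiTM replay.
            for prior in evs[:i]:
                if (prior["ipAddress"] != ev["ipAddress"]
                        and not AXIOS_UA.match(prior.get("userAgent", ""))
                        and prior.get("status", {}).get("errorCode") == 0
                        and ts - parse_ts(prior["createdDateTime"]) <= window):
                    reasons.append("follows browser sign-in from %s within %s"
                                   % (prior["ipAddress"], window))
                    break
            findings.append({
                "user": user,
                "ip": ev["ipAddress"],
                "success": ev.get("status", {}).get("errorCode") == 0,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SIGN_INS):
        print(f)
```

Successful findings that also hit a reported IP and the replay heuristic are the ones to treat as confirmed compromise: revoke the user's sessions and refresh tokens before resetting the password, since the AiTM capture includes the completed MFA, so a password change alone does not evict the attacker.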
Date
Published: July 8, 2024, 7:46 p.m.
Created: July 8, 2024, 7:46 p.m.
Modified: July 8, 2024, 8:26 p.m.
Indicators
72.68.160.230
212.18.104.90
212.18.104.80
212.18.104.79
212.18.104.78
212.18.104.109
212.18.104.7
212.18.104.108
212.18.104.107
154.56.56.200
194.164.76.149
92.118.112.53
162.213.251.86
141.98.233.86
62.133.61.17
62.133.61.18
okhyg.unsegin.com
lsj.logentr.com
ldn3.p9j32.com
Attack Patterns
T1089 (Disabling Security Tools; revoked, now T1562.001 Disable or Modify Tools)
T1193 (Spearphishing Attachment; revoked, now T1566.001)
T1185 (Browser Session Hijacking)
T1567 (Exfiltration Over Web Service)
T1598 (Phishing for Information)
T1489 (Service Stop)
T1056 (Input Capture)
T1566 (Phishing)
T1090 (Proxy)
T1078 (Valid Accounts)
T1003 (OS Credential Dumping)
T1059 (Command and Scripting Interpreter)