M365 adversary-in-the-middle campaign
July 8, 2024, 8:26 p.m.
Tags
External References
Description
Field Effect researchers uncovered a previously unreported campaign leveraging the Axios user agent string to facilitate business email compromise (BEC) attacks against Microsoft 365 (M365) accounts. The threat actor utilized malicious domains impersonating M365 login pages to harvest victims' credentials and multi-factor authentication codes through an adversary-in-the-middle (AiTM) technique. The investigation revealed the attacker's exploitation of Axios' ability to intercept and manipulate requests, making the authentication appear legitimate while enabling unauthorized access to compromised accounts.
Date
Published: July 8, 2024, 7:46 p.m.
Created: July 8, 2024, 7:46 p.m.
Modified: July 8, 2024, 8:26 p.m.
Attack Patterns
T1089
T1193
T1185
T1567
T1598
T1489
T1056
T1566
T1090
T1078
T1003
T1059