M365 adversary-in-the-middle campaign

July 8, 2024, 8:26 p.m.

Description

Field Effect researchers uncovered a previously unreported campaign in which requests carrying the user agent string of Axios, a JavaScript HTTP client, were used to facilitate business email compromise (BEC) against Microsoft 365 (M365) accounts. The threat actor used malicious domains impersonating M365 login pages as an adversary-in-the-middle (AiTM): the phishing site relays what the victim submits to the real login service, harvesting the credentials and multi-factor authentication codes in transit. The investigation found the attacker using Axios' ability to intercept and manipulate requests and responses in that relay, so the authentication completes legitimately from M365's point of view while the attacker gains unauthorized access to the compromised account. Because the relay, not a browser, talks to M365, the Axios user agent shows up in the victim tenant's sign-in logs and is the campaign's most direct hunting pivot.
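The hunt implied by the description above, as an added example that is not part of the original report or its indicators: scan sign-in records for interactive sign-ins whose user agent is Axios and rate them by whether the relay completed MFA. The record layout (userPrincipalName, ipAddress, isInteractive, userAgent, authenticationRequirement, status.errorCode) is assumed to follow the Microsoft Graph signIn resource; the sample records, addresses and account names are constructed for the example.

```python
"""Hunt for AiTM relay sign-ins by user agent (added example, not Field Effect's code)."""
import json
import re

# Constructed sample sign-in events. Field names are an assumption based on the
# Graph signIn resource; the values are made up for this example.
SAMPLE_SIGNINS = "\n".join(json.dumps(r) for r in [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "isInteractive": True, "userAgent": "axios/1.6.8",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7",
     "isInteractive": True,
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/126.0 Safari/537.36",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.10",
     "isInteractive": True, "userAgent": "axios/1.7.2",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50126}},
    {"userPrincipalName": "svc-sync@example.com", "ipAddress": "192.0.2.44",
     "isInteractive": False, "userAgent": "axios/1.6.8",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
])

# Axios sends "axios/<version>" by default; match that token case-insensitively.
AXIOS_UA = re.compile(r"\baxios/\d+(?:\.\d+)*\b", re.IGNORECASE)


def is_axios_user_agent(user_agent):
    """True if the user agent string identifies the Axios HTTP client."""
    return bool(user_agent) and AXIOS_UA.search(user_agent) is not None


def find_aitm_candidates(jsonl, allowlist=frozenset()):
    """Return interactive sign-ins made through an Axios user agent.

    A human signing in at a login page does so from a browser, so an
    interactive sign-in from Axios means something else submitted the form
    on the user's behalf. Non-interactive (app-only) sign-ins are skipped
    because automation legitimately uses HTTP clients like Axios.
    """
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if not rec.get("isInteractive"):
            continue
        upn = rec.get("userPrincipalName", "")
        if upn in allowlist or not is_axios_user_agent(rec.get("userAgent")):
            continue
        succeeded = rec.get("status", {}).get("errorCode") == 0
        mfa = rec.get("authenticationRequirement") == "multiFactorAuthentication"
        if succeeded and mfa:
            severity = "high"    # the relay completed MFA with the victim's code
        elif succeeded:
            severity = "medium"  # password accepted, MFA not enforced
        else:
            severity = "low"     # failed relay still shows the kit in use
        findings.append({"user": upn, "ip": rec.get("ipAddress"),
                         "userAgent": rec.get("userAgent"), "severity": severity})
    return findings


def pivot_ips(findings):
    """Source IPs shared by findings for more than one user: likely relay hosts."""
    users_by_ip = {}
    for f in findings:
        users_by_ip.setdefault(f["ip"], set()).add(f["user"])
    return sorted(ip for ip, users in users_by_ip.items() if len(users) > 1)


if __name__ == "__main__":
    hits = find_aitm_candidates(SAMPLE_SIGNINS)
    for h in hits:
        print(h)
    print("relay candidates:", pivot_ips(hits))
```

The user agent is a cheap pivot for this campaign, not a durable control: the string is set by the attacker's tooling and can be changed at will, so treat a match as a trigger to revoke the affected sessions and review the account, and keep phishing-resistant MFA and Conditional Access as the actual defence.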

Date

Published: July 8, 2024, 7:46 p.m.

Created: July 8, 2024, 7:46 p.m.

Modified: July 8, 2024, 8:26 p.m.

Attack Patterns

T1089 - Disabling Security Tools (revoked; now T1562.001 Impair Defenses: Disable or Modify Tools)

T1193 - Spearphishing Attachment (revoked; now T1566.001 Phishing: Spearphishing Attachment)

T1185 - Browser Session Hijacking

T1567 - Exfiltration Over Web Service

T1598 - Phishing for Information

T1489 - Service Stop

T1056 - Input Capture

T1566 - Phishing

T1090 - Proxy

T1078 - Valid Accounts

T1003 - OS Credential Dumping

T1059 - Command and Scripting Interpreter