Microsoft email service account holders are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group.
It is believed that the goal of the threat actors’ efforts is to hack corporate accounts in order to carry out Business Email Compromise (BEC) attacks.
As reported by Bleeping Computer, a successful BEC attack sees payments redirected to the attackers' bank accounts through the use of forged documents.
Zscaler, a cloud security company, said the targets were involved in various industries, such as fintech, lending, accounting, insurance, and federal credit union institutions based in the US, UK, New Zealand and Australia.
At the moment, it appears that the campaign is not being handled properly by Microsoft, as new phishing domains are posted almost every day.
The campaign was originally discovered in June 2022, as analysts noted a sudden rise in phishing attempts against the aforementioned industries, as well as Microsoft email service account holders.
The phishing emails carry links, either as buttons or inside HTML attachments, that redirect the target to a phishing page. Bleeping Computer reports that because some platforms do not treat open redirects as a vulnerability, the attackers route these malicious redirects through Google, Snapchat and DoubleClick ad links.
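The open-redirect abuse described above can be surfaced on the defensive side before a user ever clicks: a URL whose query string carries a second, absolute URL pointing at a different host is the tell-tale shape. The following scanner is an added example written for this article, not code from Zscaler, Bleeping Computer or any of the ad platforms named; the sample links and all hostnames in it are constructed, and the parameter names it meets are whatever the link contains, so it does not depend on a list of known redirector parameters.

```python
from urllib.parse import urlparse, parse_qsl, unquote


def _embedded_host(value):
    """Return the host of `value` if it parses as an absolute (http/https) or
    protocol-relative (//host/...) URL, else None. `unquote` is applied once more
    on top of parse_qsl's own decoding so double-encoded values are still caught."""
    v = unquote(value).strip()
    if v.startswith("//"):
        v = "https:" + v
    parsed = urlparse(v)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return parsed.netloc.lower()
    return None


def find_open_redirects(link):
    """Return [(param_name, external_host), ...] for every query parameter of `link`
    whose value is a URL to a host other than the link's own.

    A parameter that points back at the same host (a normal post-login "next" hop)
    is not reported; only cross-host destinations are."""
    parsed = urlparse(link)
    link_host = parsed.netloc.lower()
    findings = []
    for name, value in parse_qsl(parsed.query, keep_blank_values=True):
        host = _embedded_host(value)
        if host is not None and host != link_host:
            findings.append((name, host))
    return findings


def scan_links(links):
    """Map each suspicious link to its findings; links with no findings are omitted."""
    report = {}
    for link in links:
        hits = find_open_redirects(link)
        if hits:
            report[link] = hits
    return report


# Constructed sample links (all hosts use reserved .test names; none are real sites).
SAMPLE_LINKS = [
    # ad-network style click tracker handing off to a look-alike webmail login
    "https://ads.example-adnetwork.test/click?cid=123&url=https%3A%2F%2Flogin-portal.phish-example.test%2Fowa",
    # search-engine style redirector with a protocol-relative destination
    "https://www.example-search.test/url?q=//mail-secure.phish-example.test/login",
    # double-encoded destination, the kind of thing a naive filter misses
    "https://ads.example-adnetwork.test/click?u=https%253A%252F%252Flogin-portal.phish-example.test%252F",
    # benign: relative path after login
    "https://www.example-corp.test/login?next=/dashboard",
    # benign: absolute URL, but to the same host
    "https://www.example-corp.test/r?to=https://www.example-corp.test/home",
]

if __name__ == "__main__":
    for link, hits in scan_links(SAMPLE_LINKS).items():
        print(link)
        for name, host in hits:
            print(f"    param {name!r} forwards to external host {host}")
```

Run over the constructed list, the first three links are reported and the two benign ones are not. In a mail gateway the reported host, rather than the trusted ad-network or search domain, is the value worth checking against reputation data and the organisation's own login hostnames.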
Businesses and individuals are increasingly adopting multi-factor authentication (MFA) to secure their accounts, so a stolen email address and password alone is of little value to attackers.
Dedicated phishing kits and reverse proxies such as Evilginx2, Muraena and Modlishka have therefore come into play to bypass MFA-protected accounts.
A phishing proxy sits between the victim and the email provider's service, relaying the genuine login flow while capturing the authentication cookies it issues. With the stolen cookies, attackers can log in as the victim and bypass MFA entirely, taking over the account.
For this particular campaign, a custom proxy-based phishing toolkit was found that uses an HTML and XML parser to rewrite genuine corporate login pages and inject phishing components into them.
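The reason a relayed login defeats MFA is that, once the provider has set its session cookie, most services accept that cookie from anyone who presents it; the MFA check happened once, at issuance, and is never tied to the client that passed it. The session store below is an added illustration written for this article, not code from Microsoft, Zscaler or any of the toolkits named, and its users, addresses and User-Agent strings are constructed. It puts the usual token-only check beside a hardened variant that binds the session to the client fingerprint recorded when MFA was completed and forces re-authentication when a cookie turns up from a clearly different client.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    ip: str            # client address seen when MFA was completed
    user_agent: str    # client User-Agent seen when MFA was completed
    mfa_verified: bool


class SessionStore:
    """Server-side session registry keyed by the opaque cookie value (hypothetical service)."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user, ip, user_agent, mfa_verified=True):
        """Called only after password and MFA succeed; the cookie value is a random token."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, ip, user_agent, mfa_verified)
        return token

    def validate_token_only(self, token):
        """The common behaviour: any valid cookie is accepted, regardless of who presents it.
        A cookie captured by a phishing proxy therefore replays with no further MFA prompt."""
        s = self._sessions.get(token)
        return ("allow", s.user) if s else ("deny", "unknown session")

    def validate_bound(self, token, ip, user_agent):
        """Hardened variant: compare the presenting client with the one that completed MFA.
        A simultaneous change of both address and User-Agent is treated as a replayed
        cookie: the session is revoked and the user has to authenticate again."""
        s = self._sessions.get(token)
        if s is None or not s.mfa_verified:
            return ("deny", "unknown or unverified session")
        if s.ip != ip and s.user_agent != user_agent:
            del self._sessions[token]          # revoke so the stolen cookie is dead everywhere
            return ("reauth", "session fingerprint mismatch")
        if s.ip != ip:
            # an address change on its own is routine (mobile networks, NAT); log it but allow
            return ("allow", f"{s.user} (address changed)")
        return ("allow", s.user)


if __name__ == "__main__":
    store = SessionStore()
    # constructed: the victim completes MFA from their own browser
    victim_ip, victim_ua = "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Firefox/103.0"
    cookie = store.issue("alice@example-corp.test", victim_ip, victim_ua)
    # constructed: the same cookie is later presented from a different address and client
    print("token-only check:", store.validate_token_only(cookie))
    print("bound check:     ", store.validate_bound(cookie, "198.51.100.7", "python-requests/2.28"))
    print("after revocation:", store.validate_token_only(cookie))
```

The token-only check returns "allow" for the replayed cookie, which is exactly the gap the campaign exploits; the bound check returns "reauth" and revokes the token, so even the victim's original browser must sign in again. Fingerprint binding is a detection aid rather than a full fix, since a proxy can forward the victim's User-Agent, so it is best paired with short session lifetimes and phishing-resistant MFA.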
Cyber attacks in general have nearly doubled since last year, while Microsoft itself has launched an initiative to tackle the rapid rise of cybercrime through its Security Experts Program.