M365 adversary-in-the-middle campaign
Essential information
- Published
- 08/07/2024 19:46
- Modified
- 08/07/2024 20:26
- Tags
- 2024-07-08 adversary-in-the-middle bec credential harvesting m365 phishing
- Related entities
- 19 observables, 12 techniques (mitre)
Description
Field Effect researchers uncovered a previously unreported campaign leveraging the Axios user agent string to facilitate business email compromise (BEC) attacks against Microsoft 365 (M365) accounts. The threat actor utilized malicious domains impersonating M365 login pages to harvest victims' credentials and multi-factor authentication codes through an adversary-in-the-middle (AiTM) technique. The investigation revealed the attacker's exploitation of Axios' ability to intercept and manipulate requests, making the authentication appear legitimate while enabling unauthorized access to compromised accounts.