
M365 adversary-in-the-middle campaign

Published 08/07/2024 19:46 · Modified 08/07/2024 20:26

Essential information

Tags
2024-07-08 adversary-in-the-middle bec credential harvesting m365 phishing
Related entities
19 observables, 12 techniques (mitre)

Description

Field Effect researchers uncovered a previously unreported campaign that leverages the Axios user agent string to facilitate business email compromise (BEC) attacks against Microsoft 365 (M365) accounts. The threat actor used malicious domains impersonating Microsoft 365 login pages to harvest victims' credentials and multi-factor authentication codes through an adversary-in-the-middle (AiTM) technique. The investigation found that the attacker relied on Axios' ability to intercept and manipulate requests, so that the authentication flow appeared legitimate to the victim while the actor gained unauthorized access to the compromised accounts.

External references