Your MFA Is No Match for Sneaky2FA

· Published 28/02/2025 05:26 · Modified 28/02/2025 09:58

Essential information

Tags
2025-02-28 2fa bypass office 365 phaas phishing session cookies sneaky2fa
Related entities
15 observables, 6 techniques (mitre), 1 malware

Description

In early February 2025, the eSentire Threat Response Unit detected a user accessing a site associated with Sneaky2FA, an Adversary-in-the-Middle Phishing-as-a-Service kit designed to bypass two-factor authentication. The attack involved a spam email with a link to a PDF in OneDrive, redirecting users to a fake page. Sneaky2FA uses Cloudflare Turnstile to prevent scanners from accessing the page. The kit captures user credentials and 2FA codes, providing operators with session cookies for unauthorized access. Sneaky2FA operators were observed using stolen cookies to add MFA methods, hiding behind VPN and proxy services. The sophisticated nature of Sneaky2FA allows damaging follow-on activities such as email exfiltration, spam, and BEC attacks.

External references