![]() ![]() We also share best practices and detection details to further protect organizations from AiTM phishing attacks. In this blog post, we share information on DEV-1101, the tool they offer, and details on related AiTM campaigns. Microsoft 365 Defender detects suspicious activities related to AiTM phishing attacks and follow-on activities, such as session cookie theft and attempts to use the stolen cookies to sign in. Actors using this kit have varying motivations and targeting and might target any industry or sector. These attributes make the kit attractive to many different actors who have continually put it to use since it became available in May 2022. The threat actor group began offering their AiTM phishing kit in 2022, and since then has made several enhancements to their kit, such as the capability to manage campaigns from mobile devices, as well as evasion features like CAPTCHA pages. The availability of such phishing kits for purchase by attackers is part of the industrialization of the cybercriminal economy and lowers the barrier of entry for cybercrime.ĭEV-1101 offers an open-source kit that automates setting up and launching phishing activity and provides support services to attackers. DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, which other cybercriminals can buy or rent. AiTM phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |