Sequretek Advisory - AiTM (Adversary-in-The-Middle) Phishing Attacks
3/23/2023

Attackers use Adversary-in-The-Middle (AiTM) phishing sites as an entry point to further financial fraud.

• Microsoft is warning organizations of an uptick in Adversary-in-the-Middle (AiTM) phishing kits that are capable of bypassing multi-factor authentication (MFA) through reverse-proxy functionality.

• As observed by Microsoft, millions of phishing emails were composed per day using the tool provided by threat actor DEV-1101.

• The threat actor group began offering their AiTM phishing kit in 2022, and since then has made several enhancements to their kit, such as the capability to manage campaigns from mobile devices, as well as evasion features like CAPTCHA pages.
