• Adversary-in-the-middle (AiTM) is an attack where an adversary places themselves in between the communication channel of the client and server to modify or obtain data from a transaction.

• Researchers at Microsoft Threat Intelligence Center have been monitoring a phishing campaign where the attackers highjacked the user's session and skipped the MFA enabled authentication process. Microsoft assesses that the attackers have targeted more than 10,000 organizations since Sep 2021.

• In this specific AiTM phishing attack the attacker deployed a proxy server between a target user and the impersonated website the user visited.

• This a setup allowed the attackers to steal and intercept the target’s password and hijack user’s sign-in sessions skipping MFA authentication.