Sequretek Advisory - AiTM Phishing

Microsoft has warned of yet another phishing attack, in which an attacker attempts to obtain a target user's session cookie in order to bypass multi-factor authentication (MFA).

• Adversary-in-the-middle (AiTM) is an attack where an adversary places themselves in between the communication channel of the client and server to modify or obtain data from a transaction.

• Researchers at the Microsoft Threat Intelligence Center have been monitoring a phishing campaign in which the attackers hijacked the user's session and skipped the MFA-enabled authentication process. Microsoft assesses that the attackers have targeted more than 10,000 organizations since Sep 2021.

• In this specific AiTM phishing attack, the attacker deployed a proxy server between the target user and the impersonated website the user visited.

• This setup allowed the attackers to intercept the target's password and hijack the user's sign-in session, skipping MFA entirely.
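A session cookie stolen through an AiTM proxy leaves two traces a defender can look for: the sign-in that completed MFA comes from the proxy's address rather than the user's usual one, and the resulting session is often reused from yet another address. The following added example (not part of the Sequretek advisory or any Microsoft tooling) runs both checks over constructed sign-in records with hypothetical field names; adapt the field mapping to your own sign-in log schema.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records with hypothetical field names (not a real SIEM schema).
# 'mfa' marks the sign-in where the interactive MFA challenge was completed;
# later records with the same session_id reuse that session cookie.
SAMPLE_EVENTS = [
    {"ts": "2022-07-12T09:00:00", "user": "alice@example.com", "session_id": "S1", "ip": "203.0.113.10", "mfa": True},
    {"ts": "2022-07-12T09:04:00", "user": "alice@example.com", "session_id": "S1", "ip": "198.51.100.7",  "mfa": False},
    {"ts": "2022-07-12T10:00:00", "user": "bob@example.com",   "session_id": "S2", "ip": "203.0.113.22", "mfa": True},
    {"ts": "2022-07-12T10:30:00", "user": "bob@example.com",   "session_id": "S2", "ip": "203.0.113.22", "mfa": False},
]

# Constructed per-user allowlist of addresses the user normally signs in from.
KNOWN_IPS = {"alice@example.com": {"203.0.113.10"}, "bob@example.com": set()}


def find_session_replays(events, window_minutes=60):
    """Return (user, session_id, mfa_ip, replay_ip) for every session that is
    reused from a different IP than the one that completed MFA, within the window.
    Caveat: in an AiTM phish the MFA-completing IP may already be the proxy, so
    combine this with find_unknown_mfa_origins() rather than relying on it alone."""
    by_session = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_session.setdefault(ev["session_id"], []).append(ev)
    findings = []
    for sid, evs in by_session.items():
        origin = next((e for e in evs if e["mfa"]), None)
        if origin is None:
            continue  # no MFA sign-in seen for this session; nothing to compare against
        t0 = datetime.fromisoformat(origin["ts"])
        for e in evs:
            delta = datetime.fromisoformat(e["ts"]) - t0
            if e["ip"] != origin["ip"] and timedelta(0) <= delta <= timedelta(minutes=window_minutes):
                findings.append((e["user"], sid, origin["ip"], e["ip"]))
    return findings


def find_unknown_mfa_origins(events, known_ips):
    """Return (user, session_id, ip) for MFA-completing sign-ins from an address
    that is not in the user's known set; with AiTM, that address is the proxy."""
    return [(e["user"], e["session_id"], e["ip"])
            for e in events
            if e["mfa"] and e["ip"] not in known_ips.get(e["user"], set())]


if __name__ == "__main__":
    print(find_session_replays(SAMPLE_EVENTS))
    print(find_unknown_mfa_origins(SAMPLE_EVENTS, KNOWN_IPS))
```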

