Date: 2023-10-10

Threat actors are leveraging the adversary-in-the-middle (AiTM) toolkit EvilProxy to target senior executives in the United States. The campaign has conducted credential harvesting and account takeover attacks against targets in the financial, insurance, real estate, and manufacturing sectors since July 2023.

The threat actors exploited an ‘indeed.com’ open redirect flaw and created a phishing page posing as Microsoft. Victims received phishing emails containing a link that appeared to point to ‘indeed.com’ but instead took them to a malicious EvilProxy page. EvilProxy sits between a target and a legitimate login page and intercepts credentials, 2FA codes, and session cookies. Microsoft’s Digital Defense Report outlined the general strategy of threat actors using social engineering techniques and exploiting trusted relationships to carry out attacks.
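A mail-filtering check for the lure described above, as an added example that is not from the report or any vendor: it flags links on a trusted host whose query string carries an absolute URL to a different site. The sample links are constructed, their path and parameter names are placeholders rather than the campaign's real URL, and the two-label site comparison is a simplifying assumption.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hosts whose links users and mail filters tend to trust.
TRUSTED_SITES = {"indeed.com"}

def _site(host):
    # Assumption: last two labels approximate the registrable domain;
    # use a public-suffix list in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def redirect_targets(url, max_depth=3):
    """Return external hosts that a link on a trusted site would forward to."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if _site(host) not in TRUSTED_SITES:
            return []
        found = []
        for _, value in parse_qsl(parts.query, keep_blank_values=True):
            candidate = value
            for _ in range(max_depth):  # peel nested percent-encoding
                if candidate.startswith("//"):  # protocol-relative target
                    candidate = "https:" + candidate
                target = urlsplit(candidate)
                if target.scheme in ("http", "https") and target.hostname:
                    if _site(target.hostname) != _site(host):
                        found.append(target.hostname)
                    break
                decoded = unquote(candidate)
                if decoded == candidate:
                    break
                candidate = decoded
        return found
    except ValueError:  # malformed URL: nothing to report
        return []

# Constructed sample links (placeholders, not the campaign's actual URLs).
SAMPLE_LINKS = [
    "https://indeed.com/r?u=https%3A%2F%2Flogin.phish.example%2Fo365",
    "https://www.indeed.com/r?a=1&u=https%253A%252F%252Flogin.phish.example%252F",
    "https://indeed.com/r?u=https%3A%2F%2Fwww.indeed.com%2Fjobs",
]

def flag_links(links):
    """Map each suspicious link to the external hosts it points at."""
    return {l: t for l in links if (t := redirect_targets(l))}

if __name__ == "__main__":
    for link, hosts in flag_links(SAMPLE_LINKS).items():
        print("external redirect:", link, "->", hosts)
```

A flagged link is a reason to resolve or rewrite the URL before delivery, not proof of phishing, since some redirectors forward to external sites legitimately.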

