VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Microsoft: Token-stealing phishing campaign hit 35,000 users across 26 countries

Microsoft: фишинговая кампания с кражей токенов поразила 35 000 пользователей в 26 странах

Colleagues, a note for infosec: Microsoft detailed a large phishing campaign affecting 35,000 users.

- Method: corporate HTML templates, PDF attachments and legitimate mail delivery services.
- Chain: CAPTCHA and intermediate pages, followed by AI-powered-in-the-middle (AiTM) phishing to steal credentials and tokens — bypassing MFA.
- Targets: primarily the US; sectors include healthcare, finance, professional and IT services.

Why it matters: attackers enhance email plausibility and exploit trusted infrastructure to evade defenses.

What immediate measures would you recommend to protect staff?

#cybersecurity #phishing #MFA #infosec

Latest comments

No comments yet.