Threat actors have been using the newly emergent Mamba 2FA phishing-as-a-service platform to compromise Microsoft 365 accounts in adversary-in-the-middle intrusions
Threat actors are now using the Mamba 2FA phishing-as-a-service platform to compromise Microsoft 365 accounts in adversary-in-the-middle (AiTM) attacks, BleepingComputer reports. Mamba 2FA's AiTM attacks against Microsoft 365 accounts are enabled by proxy relays and the Socket.IO JavaScript library, which allows for one-time passcode and authentication cookie access and communications between Microsoft 365 service phishing pages and relay servers, respectively, according to a report from Sekoia. The attackers then use a Telegram bot to enable transmission of stolen credentials and authentication cookies, Sekoia researchers found. They also noted improvements in Mamba 2FA since it was first reported by Any.Run in June. These enhancements include Mamba 2FA's use of IPRoyal proxy servers, regularly rotated phishing URLs, and benign content on HTML attachments to better conceal malicious activity. The findings should prompt organizations to bolster their defenses against AiTM intrusions launched by PhaaS operations by implementing certificate-based authentication, geo-blocking, hardware security keys, device allowlisting, IP allowlisting, and reduced token lifespans.
Disclaimer:info@kdj.com
The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!
If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
