Several high-volume phishing campaigns involving millions of emails have been conducted using an open-source adversary-in-the-middle (AiTM) phishing kit developed by the DEV-1101 threat operation, The Hacker News reports.
Microsoft Threat Intelligence researchers found that the open-source kit, which emerged last May and can set up pages impersonating Microsoft Office and Outlook, support mobile campaign management, and run CAPTCHA checks, has since been updated to allow server management through a Telegram bot.
Phishing emails delivered using the kit contain a PDF document link that redirects to a website spoofing the Microsoft sign-in portal and lures victims into completing CAPTCHA verification.
"Inserting a CAPTCHA page into the phishing sequence could make it more difficult for automated systems to reach the final phishing page, while a human could easily click through to the next page," said Microsoft, which urged the use of FIDO2 security keys and other phishing-resistant authentication to curb attacks.
High-volume attacks facilitated by open-source AiTM phishing kit