Phishing, Security Operations

Phishing attack targets 18 US universities, bypassing MFA

At least 18 American universities have been targeted in a coordinated phishing attack that lasted for several months and aimed to steal student and staff account details even when multi-factor authentication was enabled, according to HackRead.

The campaign, which ran from April to November 2025, utilized the open-source phishing kit Evilginx, employing an adversary-in-the-middle (AiTM) strategy. Attackers sent personalized emails with TinyURL links that mimicked legitimate university single sign-on portals. When a user clicked, Evilginx intercepted the login process, stealing credentials and the session cookie granted after MFA completion, thereby hijacking accounts. The University of San Diego was the first recorded victim on April 12, 2025. Top targets included the University of California, Santa Cruz, the University of California, Santa Barbara, the University of San Diego, Virginia Commonwealth University, and the University of Michigan. The attackers actively concealed their tracks by frequently changing links and using services like Cloudflare to mask server locations, though DNS pattern analysis by Infoblox helped uncover the nearly 70 domains involved.

This sophisticated attack highlights the evolving tactics of cybercriminals in bypassing multi-factor authentication, a critical security layer. The incident underscores the vulnerability of educational institutions, which remain attractive targets due to the sensitive data they hold. It emphasizes the need for enhanced cybersecurity awareness training for students and staff, alongside prompt reporting of suspicious activities, to mitigate the impact of such advanced phishing campaigns and protect invaluable digital assets.
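Because the stolen session cookie is replayed after MFA has already succeeded, one detection angle is to compare every later use of a session with the client that completed MFA. The sketch below is an added example, not code from HackRead, Infoblox or SC Media; the event schema (`ts`, `user`, `session`, `event`, `ip`, `ua`), the /24 grouping and the severity labels are assumptions, and the log events are constructed.

```python
import ipaddress
from datetime import datetime

# Constructed sample SSO events (hypothetical schema, not from any real IdP).
EVENTS = [
    {"ts": "2025-06-02T09:00:05", "user": "alice", "session": "s-100", "event": "mfa_success",
     "ip": "192.0.2.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/135"},
    {"ts": "2025-06-02T09:01:00", "user": "alice", "session": "s-100", "event": "access",
     "ip": "192.0.2.77", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/135"},
    {"ts": "2025-06-02T09:02:10", "user": "bob", "session": "s-200", "event": "mfa_success",
     "ip": "198.51.100.23", "ua": "Mozilla/5.0 (Macintosh) Safari/17"},
    {"ts": "2025-06-02T09:04:30", "user": "bob", "session": "s-200", "event": "access",
     "ip": "203.0.113.50", "ua": "Mozilla/5.0 (X11; Linux) Firefox/128"},
    {"ts": "2025-06-02T09:06:00", "user": "carol", "session": "s-300", "event": "mfa_success",
     "ip": "198.51.100.80", "ua": "Mozilla/5.0 (iPhone) Safari/17"},
    {"ts": "2025-06-02T11:30:00", "user": "carol", "session": "s-300", "event": "access",
     "ip": "203.0.113.9", "ua": "Mozilla/5.0 (iPhone) Safari/17"},
]

def network(ip, prefix=24):
    """Collapse an IPv4 address to its /24 so small DHCP/NAT shifts are ignored."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_session_replay(events):
    """Flag sessions later presented by a client unlike the one that passed MFA."""
    origin = {}   # session id -> event that completed MFA
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        sid = ev["session"]
        if ev["event"] == "mfa_success":
            origin[sid] = ev
            continue
        first = origin.get(sid)
        if first is None:
            # Session used with no recorded MFA event: report it, nothing to compare.
            alerts.append((sid, ev["user"], "no_mfa_record"))
            continue
        ip_moved = network(ev["ip"]) != network(first["ip"])
        ua_changed = ev["ua"] != first["ua"]
        if ip_moved and ua_changed:
            alerts.append((sid, ev["user"], "high"))    # new network and new browser
        elif ip_moved or ua_changed:
            alerts.append((sid, ev["user"], "review"))  # e.g. roaming or browser update
    return alerts

if __name__ == "__main__":
    for alert in find_session_replay(EVENTS):
        print(alert)
```

A change of network alone is common for mobile users, so only the combined network and user-agent change is rated `high` here; both thresholds would need tuning against real identity-provider logs.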

Source: HackRead
