


What is an adversary-in-the-middle phishing attack?

New research from Microsoft’s Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign.

According to Microsoft, the threat actor described the kit as a phishing application with “reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook.”

Microsoft uses DEV followed by a number as a temporary name for an unknown, emerging or developing cluster of threat activity. After there is enough data and high confidence about the origin or identity of the threat actor, it is given a real threat actor name.

Learn how to protect your business from this AitM campaign.

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit.
