GET DEMO
Back
GET DEMO
KEEPNET LABS > Blog > AiTM Phishing Attack Targeting Enterprise Users of Microsoft & Gmail Email Services

AiTM Phishing Attack Targeting Enterprise Users of Microsoft & Gmail Email Services

Phishing attacks would have started in mid-July 2022 with a plan similar to a social engineering campaign. Threat actors place a proxy server between the target user’s website and the phishing website. Google Workspace users are also targets for threats behind a large-scale campaign.

An aitm-based phishing campaign targeting business users of Microsoft products such as email services. Even Google Workspace users are also targets for threats behind a large-scale campaign. Aitm phishing attacks refer to attacks in which threat actors place a proxy server between the target user’s website and the phishing website. Dec. A proxy server is located between the target website and the domain Decommissioned by the attackers. Attackers can access the traffic through a proxy server, which allows them to capture the password and cookies associated with the target and gain access to its data.

Zscaler researchers Sudeep Singh and Jagadiswar told Ramanukolan: “In this campaign, special attention was paid to executives and other senior employees of multinational companies who use Google Workspace as their primary means of communication.” Aitm phishing attacks would have started in mid-July 2022 with a plan similar to a social engineering campaign designed to pump Microsoft users’ credentials and even bypass multi-factor authentication. An email containing a malicious link is sent to the user who initiated the attack. Open the redirect as a result of using multiple routing steps through this link, the user’s Gmail phishing pages managed by an attacker using explicit routing are directed to the target domain. However, before the server presents a real phishing page to the client, there is an October step to make sure that the client is a real user viewing the web page instead of the system automatically performing the analysis. The attack chain consists of several components, all of which are interconnected. As for the attack vector, this campaign was using emails with embedded links, which were used to distribute malicious code.

It is specially designed to send these emails to the managers and senior employees of the organization, as well as to other target contacts. This turned out to be an email from Google reminding him that the password had expired and asking him to follow the link so that the recipient could expand the account.

Phishing Test Software

The human factor is the weakest point in your security posture and may be used against you regardless of how secure your network, computers, and software are. Traditional security measures are insufficient to stop these attacks. Using phishing test platforms that replicate phishing attacks is an effective security measure.

Phishing Training for Employees

Phishing is one of the most successful ways cybercriminals access companies' passwords and other security credentials. A cybercriminal impersonates a legitimate person or entity and sends a fake email to manipulate employees. Companies need to train their employees not to click on links or attachments in suspicious emails.

Protect Yourself Against Keyloggers

Keyloggers are one of the most common and deadly cybersecurity threats. It is a type of malware that records keystrokes and sends them back to the cybercriminal. Hackers can access accounts, banking systems, or even bitcoin wallets thanks to keyloggers.

Join
Our Newsletter

Sign up to learn about the latest threats, hacking methods, and news.