01. EvilProxy Phishing Targets 120K Microsoft 365 Users
The EvilProxy phishing campaign has targeted 120,000 Microsoft 365 users, focusing on MFA-protected
firm Proofpoint discovered a surge in cloud account takeovers, impacting top executives. EvilProxy utilizes
impersonation, bot evasion, and open redirections. This phishing-as-a-service platform steals authentication
from legitimate login forms, bypassing MFA.
Sold for $400/month, EvilProxy targets major accounts. A recent campaign by Proofpoint, using EvilProxy,
brands like Adobe. The attack involves multiple redirections before a tailored EvilProxy phishing page.
IPs are spared, possibly indicating a Turkish origin. VIP targets are prioritized, with breached accounts
attacker-controlled MFA. Protection entails heightened security awareness, robust email filters, and