Summary
On July 12, 2022, Microsoft researchers disclosed a large-scale phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign used adversary-in-the-middle (AiTM) phishing sites to proxy the authentication process and hijack the victims’ Office 365 session cookies.
With these stolen session cookies, the attackers were able to authenticate to Office 365 as the victims and perform a whole slew of malicious activities from the victims’ mailboxes, such as business email compromise (BEC).