"CISA's Tools Combat Phishing and Hacking in Microsoft Cloud"

Microsoft's Threat Intelligence team has uncovered a phishing kit that allows attackers to bypass multi-factor authentication (MFA) and mimic Microsoft Office or Outlook. The kit, which is being sold on cybercrime forums and Telegram channels, uses an adversary-in-the-middle (AitM) campaign to intercept and modify communications between a user and a website or service to steal sensitive information. The phishing kit logs in to the legitimate service using stolen credentials and forwards the MFA request to the user, who provides it. The phishing kit then proxies that information to the legitimate website, allowing the attacker to access the legitimate service as the user. Microsoft recommends deploying and maintaining MFA, enabling conditional access and Azure AD security defaults, deploying security solutions on the network, keeping software and operating systems up to date, and educating users about computer security and cybercrime to protect against this AitM threat.