Phishing-as-a-Service Gets Smarter Microsoft Sounds Alarm on AiTM Attacks


As part of the phishing-as-a-service (PhaaS) cybercrime paradigm, Microsoft is warning of a rise in adversary-in-the-middle phishing techniques. The IT giant highlighted that existing phishing services like PerSwaysion are integrating AiTM capabilities in addition to an increase in PhaaS platforms with AiTM capabilities.

The Microsoft Threat Intelligence team stated in a series of posts on X (previously Twitter) that “this development in the PhaaS ecosystem enables attackers to conduct high-volume phishing campaigns that attempt to circumvent MFA protections at scale.” Such attacks ultimately aim to steal session cookies, giving threat actors access to privileged systems without having to reauthenticate.

Read More…