The cybercrime world has shown significant interest in an open source adversary-in-the-middle (AiTM) phishing kit because of its capacity to orchestrate large-scale attacks. Microsoft Threat Intelligence is tracking the threat actor responsible for creating the kit under the emerging alias DEV-1101.

AiTM phishing attacks involve deploying a proxy server between the user and the website, allowing the attacker to intercept session cookies and passwords. These attacks are particularly effective as they can bypass multi-factor authentication (MFA) safeguards.
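One defensive consequence of the proxy design described above is that the session cookie the real site issues is captured at the proxy and later presented from wherever the attacker operates, so the IP that completed sign-in and the IP that later uses the session often disagree. The following is an added example of that check, not code from the page or from Microsoft; the log format, field names, sample events and the `signin_mfa_ok`/`session_use` action labels are all constructed for illustration.

```python
"""Flag sessions whose cookie is presented from an IP other than the one
that completed sign-in. Added example; format and sample data are constructed."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    ts: datetime
    session_id: str
    src_ip: str
    action: str  # "signin_mfa_ok" (MFA done, cookie issued) or "session_use"


# Constructed sample log, not real telemetry.
# Format: <ISO timestamp> <session id> <source ip> <action>
SAMPLE_LOG = """\
2023-03-14T09:00:05 sess-a1 203.0.113.10 signin_mfa_ok
2023-03-14T09:00:21 sess-a1 198.51.100.7 session_use
2023-03-14T09:05:00 sess-b2 192.0.2.44 signin_mfa_ok
2023-03-14T09:06:00 sess-b2 192.0.2.44 session_use
2023-03-14T09:07:30 sess-zz 192.0.2.99 session_use
"""


def parse_log(text: str) -> list[Event]:
    """Parse the constructed four-column log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, session_id, src_ip, action = line.split()
        events.append(Event(datetime.fromisoformat(ts), session_id, src_ip, action))
    return events


def find_cookie_replays(events: list[Event]) -> list[tuple[str, str, str]]:
    """Return (session_id, signin_ip, reuse_ip) for every session that was
    used from an IP other than the one that completed sign-in.

    In the AiTM scenario the site sees the proxy's connection during
    authentication and hands the cookie to it; when that cookie is later
    presented from a different address the two IPs disagree. Benign IP
    changes (mobile roaming, VPN hops) trigger this too, so each hit is an
    investigation lead, not a verdict.
    """
    signin_ip: dict[str, str] = {}
    seen: set[tuple[str, str, str]] = set()
    findings: list[tuple[str, str, str]] = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.action == "signin_mfa_ok":
            signin_ip[e.session_id] = e.src_ip
        elif e.action == "session_use":
            origin = signin_ip.get(e.session_id)
            if origin is None or origin == e.src_ip:
                continue  # no sign-in on record, or same IP: nothing to flag
            hit = (e.session_id, origin, e.src_ip)
            if hit not in seen:
                seen.add(hit)
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for session_id, origin, reuse in find_cookie_replays(parse_log(SAMPLE_LOG)):
        print(f"{session_id}: signed in from {origin}, cookie later presented from {reuse}")
```

Running the block against the constructed log flags only `sess-a1`; `sess-b2` keeps the same IP throughout and `sess-zz` has no sign-in on record, so neither is reported. In a real pipeline the IP comparison would be widened to ASN or geolocation and combined with the sign-in's own anomaly signals, since during an AiTM attack the sign-in IP is the proxy's rather than the user's.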

According to a technical report by Microsoft, DEV-1101 is responsible for developing multiple phishing kits that are available for purchase or rental by other criminal actors. The use of such kits in the cybercriminal economy reduces the effort and resources required to launch a phishing campaign, thus lowering the barrier to entry for cybercrime.

This service-based economy also leads to double theft, wherein the stolen credentials are sent to both the phishing-as-a-service provider and their customers. The open source kit developed by DEV-1101 offers features such as the ability to set up phishing landing pages that mimic Microsoft Office and Outlook, manage campaigns from mobile devices, and use CAPTCHA checks to evade detection.

The attack sequence begins with document-themed email messages that include a link to a PDF document. Clicking the link directs the recipient to a login page that impersonates Microsoft’s sign-in portal; before gaining access, however, the victim is prompted to complete a CAPTCHA step.
