According to Microsoft, a new multi-stage adversary-in-the-middle phishing and business email compromise attack targets banking and financial services organisations. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organisations,” the tech giant revealed in a report on Thursday.
Microsoft criticised the group for using an indirect proxy to carry out the attack and is tracking the cluster under the newly coined name Storm-1167.This demonstrated the continued sophistication of AitM attacks and allowed the attackers to adaptably alter the phishing sites to their targets and carry out session cookie stealing.