Hundreds compromised daily in Microsoft device code phishes
Briefly

"Since March 15, 2026, we have observed 10 to 15 distinct campaigns launching every 24 hours. Each campaign is distributed at scale, targeting hundreds of organizations with highly varied and unique payloads, making pattern-based detection more challenging."
"Post-compromise activity shows a consistent focus on finance-related personas, with automated email exfiltration observed in those accounts. This marks a significant escalation in threat actor sophistication."
"EvilTokens is a new Microsoft device-code phishing kit that has been sold as a service since mid-February, allowing buyers to bypass multi-factor authentication and silently authenticate as the victim to the organization's Microsoft 365 applications."
A Microsoft device-code phishing campaign has been compromising hundreds of organizations daily since March 15, 2026. The campaign employs AI and automation, making detection difficult due to varied payloads. Attackers target organizations globally, focusing on finance-related accounts for automated email exfiltration. The EvilTokens phishing kit, sold as a service, allows bypassing multi-factor authentication. This campaign represents a significant escalation in threat actor sophistication, with a consistent pattern of targeting finance-related personas across various sectors.
Read at The Register