Rockstar 2FA is a new Phishing-as-a-Service platform that targets Microsoft 365 accounts by intercepting login attempts and bypassing MFA using AiTM techniques.
The campaign leverages Adversary-in-the-Middle (AiTM) techniques to capture session cookies, allowing attackers to gain account access without needing login credentials.
Phishing emails are spread through compromised services like email marketing platforms, making them appear more trustworthy and increasing their chances of success.
Rockstar 2FA has successfully compromised Microsoft 365 accounts since May, with a peak in attacks over the summer, suggesting a persistent threat.
Collection
[
|
...
]