Large-Scale Code of Conduct Phishing Campaign Targets 35,000 Users
Severity: High (Score: 71.0)
Sources: Cybersecuritynews, Gbhackers, Blogs.Microsoft
Summary
A sophisticated phishing campaign themed around code of conduct documents has compromised over 35,000 users from 13,000 organizations. The multi-stage attack occurred between April 14 and April 16, 2026, primarily affecting users in the United States. Attackers used social engineering tactics and legitimate email services to distribute fully authenticated messages from domains they controlled. Microsoft Defender Research reported that the campaign led to the compromise of authentication tokens through an adversary-in-the-middle (AiTM) method. The attack highlights the evolving nature of phishing threats and the need for enhanced security measures. Investigations are ongoing, and targeted organizations are on heightened alert.
Key Points
- Over 35,000 users from 13,000 organizations were targeted in a phishing campaign.
- The attack used code of conduct-themed lures and multi-step methods for credential theft.
- Microsoft Defender identified the campaign as leading to AiTM token compromises.
Key Entities
- Phishing (attack_type)
- Code Of Conduct Phish (campaign)
- United States (country)
- T1566 - Phishing (mitre_attack)