Thehackernews
Misconfigured Server Exposes Evilginx Phishing Operations Targeting Microsoft 365
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A misconfigured server in Budapest has exposed a phishing operation targeting Microsoft 365 users. The server was running a Python HTTP server with directory listing enabled, allowing access to phishing configurations and credential logs. Researchers identified three separate Evilginx operations leveraging this setup to bypass multi-factor authentication and steal OAuth tokens. The exposed server's IP address was 185.163.204. The incident highlights vulnerabilities in Microsoft 365's security measures. Currently, there are no specific CVEs reported, but the phishing campaigns are ongoing. Security professionals are urged to review their defenses against such tactics. The scope of impact includes any organization using Microsoft 365 that could fall victim to these phishing attempts.
Key Points: • A misconfigured server in Budapest exposed live phishing operations targeting Microsoft 365. • Three distinct Evilginx phishing campaigns were identified, bypassing multi-factor authentication. • Organizations using Microsoft 365 are at risk due to these ongoing phishing operations.