In the roughly five months that the Okta phishing campaign has been active, it has racked up 9,931 login credentials from about 130 organizations. Of those, 5,541 included MFA codes and 3,120 included the victim's email account.
Hackers Target 10,000 Organizations With a New MFA Bypass in Coordinated Phishing Campaign on Office 365 Users
Microsoft discovered a coordinated phishing campaign targeting Office 365 users and leveraging an Adversary-in-the-Middle (AiTM) MFA bypass to execute business email compromise (BEC) attacks and commit fraud.
Security researchers have documented a Facebook credential phishing campaign that has been active since late 2021 and has been highly successful in duping victims using an authentic-looking spoofed login page.
Legitimate NHS Email Accounts Exploited in Credential Harvesting Phishing Campaign and Advance-Fee Scams
Threat actors leveraged 139 compromised NHS email accounts to send thousands of malicious emails in a credential harvesting phishing campaign and advance-fee scam.
The embassy phishing campaign is just one element of a rash of recent activity by the Russian hackers referred to as APT 29, probably better known to the general public as Cozy Bear.
SolarWinds Hackers Return, Launch Phishing Campaign Using Compromised Account of US Foreign Aid Agency
The SolarWinds hackers are back again, this time leveraging the stolen email account of a United States federal agency to run a phishing campaign against 150 government entities in 24 countries.
Researchers found that hackers were harvesting enterprise login details by overlaying legitimate companies' webpages with fake login prompts in an email phishing campaign.
Widespread “Perswaysion” Phishing Campaign Is Targeting the C-Suite of Hundreds of International Organizations
A new phishing campaign that chains exploits from Microsoft’s Sway, OneNote and SharePoint services is targeting C-suite executives at a wide range of organizations worldwide.
Since March 2019, hackers have been targeting the UN and affiliated humanitarian aid organizations with a sophisticated, mobile-centric phishing campaign to harvest Microsoft Office 365 login credentials.