
Security experts caution MFA alone can no longer stop threat actors
Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection.
Phishing kits aimed at capturing M365 tokens aren’t new; some reports say these kits have been around since 2021. One of the latest is EvilTokens, which researchers at Sekoia say has been circulating since February. And earlier this month, Microsoft also issued a warning about other adversary-in-the-middle phishing schemes that steal authentication tokens, and, separately, about campaigns that exploit OAuth protocol functionality to manipulate URL redirection to bypass conventional phis...