A sophisticated phishing-as-a-service operation called VoidProxy targets Google and Microsoft accounts, bypassing traditional MFA defenses with adversary-in-the-middle techniques. The operation captures session tokens and credentials, enabling account takeovers and further malicious activity, and highlights the need for advanced protections like passkeys.
Key points
- VoidProxy is a phishing operation that can bypass multifactor authentication using adversary-in-the-middle methods.
- The operation targets valuable Google and Microsoft accounts through ongoing email phishing campaigns.
- Attackers capture session tokens, MFA codes, and credentials to enable account takeovers and lateral movement.
- Okta and Google have issued warnings and recommended adoption of phishing-resistant authentication methods like passkeys.
- The operation lowers the technical barrier for threat actors, making it easier to launch targeted phishing campaigns.
Read More: https://www.cybersecuritydive.com/news/researchers-voidproxy-phishing-bypass-mfa/760017/