securityonline.info 7/17/2026, 10:01:40 AM · external

Budapest server leak fuels Evilginx phishing on Microsoft 365

Budapest server leak fuels Evilginx phishing on Microsoft 365
Developing story incident 3 articles tracked
Misconfigured server exposes Evilginx phishing operators targeting Microsoft 365
CyberSIXT Evidence Panel
Primary Source blog.lexfo.fr

A recent security report reveals a critical exposure linked to three phishing operators utilizing the Evilginx framework to bypass multi-factor authentication (MFA) on Microsoft 365 accounts. The report, based on LEXFO's investigation, details how a misconfigured server in Budapest allowed unauthorized access to phishing tools and logs, exposing a network of attackers: codemado, mail-argenta, and saroula01. They targeted corporate accounts and crypto platforms across 12 countries, claiming over 218 victims.

Their operations leverage techniques like Device Code Flow to capture authentication tokens while impersonating genuine login processes. As post-attack activity continues, cybersecurity experts recommend implementing phishing-resistant MFA, tightening conditional access, and monitoring user logs for unusual activities.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline