A recent security report reveals a critical exposure linked to three phishing operators utilizing the Evilginx framework to bypass multi-factor authentication (MFA) on Microsoft 365 accounts. The report, based on LEXFO's investigation, details how a misconfigured server in Budapest allowed unauthorized access to phishing tools and logs, exposing a network of attackers: codemado, mail-argenta, and saroula01. They targeted corporate accounts and crypto platforms across 12 countries, claiming over 218 victims.
Their operations leverage techniques like Device Code Flow to capture authentication tokens while impersonating genuine login processes. As post-attack activity continues, cybersecurity experts recommend implementing phishing-resistant MFA, tightening conditional access, and monitoring user logs for unusual activities.