Phishing Attack Targets Microsoft ADFS to Steal Credentials and Bypass MFA
IT Pro | Contributed by: Reid Stephan
Summary
A new phishing campaign is leveraging Microsoft’s Active Directory Federation Services (ADFS) to steal user credentials and circumvent multi-factor authentication (MFA). According to research from Abnormal Security, attackers are creating convincing spoofed ADFS sign-in pages that resemble legitimate portals to deceive users into providing their credentials and secondary authentication codes. The campaign starts with emails that impersonate urgent IT helpdesk notifications, featuring obfuscated URLs and dynamic organizational branding to enhance credibility. After compromising an account, attackers also set up covert mail filters to intercept responses and maintain persistence. Over 150 organizations have reportedly been targeted.