Unmasking EvilProxy: The New PhaaS Threat Targeting High-Ranking Executives and Microsoft 365 Users

Unmasking EvilProxy: The New PhaaS Threat Targeting High-Ranking Executives and Microsoft 365 Users

The Web Just Got a Little More Sinister: Enter EvilProxy

• Threat actors are using a new phishing-as-a-service (PhaaS) toolkit, fondly named EvilProxy, to conduct account takeover attacks.
• High-ranking executives at prominent companies seem to be the main targets.
• According to Proofpoint, these criminals have targeted thousands of Microsoft 365 user accounts.

Fasten your cyber seatbelts, folks, because the information superhighway just became a little more bumpy with the introduction of EvilProxy. This isn’t your friendly neighborhood proxy. Instead, it’s a phishing-as-a-service (PhaaS) toolkit. Unlike Spider-man, who catches thieves just like flies, this one seems to be helping the thieves!

Executives Beware: EvilProxy Has its Sights Set High

They say it’s lonely at the top, but with EvilProxy, high-ranking executives are never really alone. These cyber criminals have a peculiar taste for high places, as they appear to specifically target high-ranking executives at prominent companies for their account takeover attacks. EvilProxy is the digital equivalent of the corporate ladder – but instead of climbing it, this toolkit is about pulling the digital rug from under executives’ feet.

The Proof is in the Proofpoint: Hitting Microsoft 365 Users Hard

The cyber security firm Proofpoint reports that the ongoing hybrid campaign involves this toolkit and takes aim at Microsoft 365 user accounts – thousands of them. Imagine coming home from a tech conference only to find that you’ve received about 120,000 phishing emails to hundreds of organizations. If ever there was a time for Microsoft’s Outlook to be on the lookout, this would be it!

In Summary

In the cyber-infested waters of the online world, a new PhaaS toolkit, EvilProxy, is making waves. High-ranking corporate executives, in particular, need to be cautious as they seem to be the desired targets for account takeover attacks. The toolkit, which is part of an ongoing hybrid campaign, has specifically targeted Microsoft 365 user accounts, sending out a staggering 120,000 phishing emails to hundreds of organizations. Whether you’re swinging from the web or navigating it, always remember: not all proxies come in peace!

Original Article: https://thehackernews.com/2023/08/cybercriminals-increasingly-using.html

Leave a Reply

Your email address will not be published. Required fields are marked *


Your Cart Is Empty

No products in the cart.