June 8, 2023, 4:35 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations. This attack shows the complexity of AiTM and BEC threats, which abuse trusted relationships between vendors, suppliers, and other partner organizations with the intent of financial fraud.


Figure 1. AiTM and BEC attacks spanning multiple suppliers …

