Attackers continually refine their methods to compromise user identities and gain unauthorized access to sensitive systems. One particularly insidious threat is Evilginx, a phishing framework designed to bypass traditional multi-factor authentication (MFA) by operating as an adversary-in-the-middle (AitM), sometimes known as man-in-the-middle (MitM), proxy. Evilginx intercepts and manipulates communication between users and legitimate sites, enabling attackers to steal credentials, session cookies, and other sensitive data. It’s a favorite tool of threat groups such as the Russia-based Star Blizzard, as warned in a joint advisory from CISA, the UK National Cyber Security Centre, the Australian Cyber Security Centre, and the Canadian Centre for Cyber Security, among other governmental security bodies.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/11/how-to-prevent-evilginx-attacks-targeting-entra-id/