Find notable cyber news and cases, enriched with sources, timelines, and signals.

Star Blizzard custom-built AiTM phishing kit analysis on account.simpleasip[.]org

Technical Analysis
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

Researchers examined a custom-built Star Blizzard phishing kit on account.simpleasip[.]org, exposing an AiTM flow that relays 2FA and manipulates CAPTCHA and password entry. The findings matter because they reveal how the kit helps operators steal ProtonMail credentials with page-level controls rather than simple spoofing. The analysis also provides concrete artifacts for defenders tracking modified login flows and attacker-controlled credential-processing endpoints.

Related Happenings

Instagram accounts for Obama White House hit by account takeover attack

Incident
H score40 First: 01.06.2026 20:32 Last: 01.06.2026 20:32 Sources 1

About this happening: The **Instagram** accounts for the **Obama White House** and the **Chief Master Sergeant of the U.S. Space Force** were briefly **defaced** after attackers abused **Meta’s AI supp...

UNC6783 BPO compromise campaign targeting downstream companies

Campaign
H score65 First: 09.04.2026 00:46 Last: 09.04.2026 00:46 Sources 1

About this happening: **UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...

Microsoft Entra device code phishing and vishing campaign

Campaign
H score40 First: 19.02.2026 14:30 Last: 19.02.2026 14:30 Sources 1

About this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...

BitB phishing campaign targeting Facebook users

Campaign
H score38 First: 12.01.2026 23:05 Last: 12.01.2026 23:05 Sources 1

About this happening: A **six-month** phishing campaign is using **browser-in-the-browser (BitB)** fake login pop-ups to steal **Facebook credentials**, increasing the risk of **account takeover** and...

Sneaky 2FA BitB phishing activity

Malware Activity
H score28 First: 18.11.2025 20:31 Last: 18.11.2025 20:31 Sources 1

About this happening: The **Sneaky 2FA** phishing kit has added **Browser-in-the-Browser (BitB)** pop-ups, making **credential theft** and **Microsoft account** takeover easier at scale. Attack chains...

Timeline

  1. 03.12.2025 18:45 2 articles · 7mo ago

    Custom Star Blizzard AiTM kit targets ProtonMail

    Technical Analysis Update

    Sekoia.io's TDR team documented a custom-built Star Blizzard phishing kit on account.simpleasip[.]org that targeted ProtonMail accounts with an Adversary-in-the-Middle (AiTM) flow, relayed two-factor authentication (2FA), and used injected JavaScript to keep cursor focus on the password field while an attacker-controlled API handled CAPTCHA and credential processing.

    Show sources