Multi-stage AitM phishing and BEC campaign against energy-sector organizations
Campaign
Summary
Hide ▲
Show ▼
A multi-stage AitM phishing and BEC operation is targeting multiple energy-sector organizations, creating immediate risk of credential theft and unauthorized mailbox access. The attackers are abusing SharePoint file-sharing services and inbox rules to keep access hidden while spreading phishing through trusted identities. In one case, the operation delivered more than 600 emails, showing broad internal and external reach. The activity can outlast simple password resets because the adversary also steals session cookies and preserves persistence inside compromised mailboxes.
Related Happenings
PCPJack covert SMTP relay campaign
Campaign
H score37
First: 05.06.2026 08:34
Last: 05.06.2026 08:34
Sources 1
About this happening:
The **PCPJack** campaign converted hijacked **AWS, Google Cloud, and Microsoft Azure** servers into a covert **SMTP relay network**, enabling large-scale email delivery through ve...
PCPJack covert SMTP relay campaign
CampaignAbout this happening: The **PCPJack** campaign converted hijacked **AWS, Google Cloud, and Microsoft Azure** servers into a covert **SMTP relay network**, enabling large-scale email delivery through ve...
Senior executive at major global stock exchange hit by data theft breach
Incident
H score7
First: 03.06.2026 15:46
Last: 03.06.2026 15:46
Sources 1
About this happening:
A senior executive at a major global stock exchange suffered an **email account compromise** that enabled **months of unauthorized mailbox access** and data theft. The intrusion b...
Senior executive at major global stock exchange hit by data theft breach
IncidentAbout this happening: A senior executive at a major global stock exchange suffered an **email account compromise** that enabled **months of unauthorized mailbox access** and data theft. The intrusion b...
Microsoft Exchange Online mail flow disruption
Service Disruption
H score25
First: 02.06.2026 20:02
Last: 02.06.2026 20:02
Sources 1
About this happening:
Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...
Microsoft Exchange Online mail flow disruption
Service DisruptionAbout this happening: Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...
CypherLoc phishing-led browser scareware campaign
Campaign
H score49
First: 20.05.2026 13:00
Last: 20.05.2026 13:00
Sources 1
About this happening:
The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...
CypherLoc phishing-led browser scareware campaign
CampaignAbout this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...
Google sponsored search ManageWP phishing campaign
Campaign
H score13
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Timeline
-
23.01.2026 10:25 2 articles · 5mo ago
Microsoft warns of multi-stage AitM phishing and BEC campaign
Initial DisclosureMicrosoft warned that unknown attackers are targeting multiple organizations in the energy sector with a multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) campaign. The activity abuses SharePoint file-sharing services to deliver phishing payloads, uses inbox rule creation to maintain persistence and evade user awareness, and in one case drove more than 600 emails to a compromised user's contacts inside and outside the organization. Microsoft also said defenders should revoke active session cookies, remove attacker-created inbox rules, and use phishing-resistant MFA, conditional access policies, continuous access evaluation, and anti-phishing solutions because password resets alone do not remove the threat.
Show sources
- Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms — thehackernews.com — 23.01.2026 10:25
- Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms — thehackernews.com — 23.01.2026 10:25