Multi-stage AitM phishing and BEC campaign against energy-sector organizations

Campaign
H score 44
1 unique source, 1 article

Summary

A multi-stage AitM phishing and BEC operation is targeting multiple energy-sector organizations, creating immediate risk of credential theft and unauthorized mailbox access. The attackers are abusing SharePoint file-sharing services and inbox rules to keep access hidden while spreading phishing through trusted identities. In one case, the operation delivered more than 600 emails, showing broad internal and external reach. The activity can outlast simple password resets because the adversary also steals session cookies and preserves persistence inside compromised mailboxes.

Related Happenings

CypherLoc phishing-led browser scareware campaign

Campaign
First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Google sponsored search ManageWP phishing campaign

Campaign
First: 07.05.2026 00:36 Last: 07.05.2026 00:36 Sources 1

About this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...

UNC6692 email bombing and Microsoft Teams impersonation campaign

Campaign
First: 25.04.2026 18:07 Last: 25.04.2026 18:07 Sources 1

About this happening: UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....

Formbook phishing campaign using DLL sideloading and obfuscated JavaScript

Campaign
First: 20.04.2026 18:01 Last: 20.04.2026 18:01 Sources 1

About this happening: The **Formbook** phishing operation is targeting **Windows** organizations across **Greece, Spain, Slovenia, Bosnia, Croatia** and **South America**, using **DLL sideloading** and...

Turkey-focused low-dollar ransomware campaign using phishing and modified commercial malware

Campaign
First: 16.04.2026 09:00 Last: 16.04.2026 09:00 Sources 1

About this happening: A **Turkey-focused ransomware campaign** has been hitting **individuals and SMBs** with **low-dollar extortion** at scale, making the operation significant despite the modest rans...

Timeline

  1. 23.01.2026 10:25 2 articles · 4mo ago

    Microsoft warns of multi-stage AitM phishing and BEC campaign

    Initial Disclosure

    Microsoft warned that unknown attackers are targeting multiple organizations in the energy sector with a multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) campaign. The activity abuses SharePoint file-sharing services to deliver phishing payloads, uses inbox rule creation to maintain persistence and evade user awareness, and in one case drove more than 600 emails to a compromised user's contacts inside and outside the organization. Microsoft also said defenders should revoke active session cookies, remove attacker-created inbox rules, and use phishing-resistant MFA, conditional access policies, continuous access evaluation, and anti-phishing solutions because password resets alone do not remove the threat.
