Find notable cyber news and cases, enriched with sources, timelines, and signals.

Multi-stage AitM phishing and BEC campaign against energy-sector organizations

Campaign
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

A multi-stage AitM phishing and BEC operation is targeting multiple energy-sector organizations, creating immediate risk of credential theft and unauthorized mailbox access. The attackers are abusing SharePoint file-sharing services and inbox rules to keep access hidden while spreading phishing through trusted identities. In one case, the operation delivered more than 600 emails, showing broad internal and external reach. The activity can outlast simple password resets because the adversary also steals session cookies and preserves persistence inside compromised mailboxes.

Related Happenings

PCPJack covert SMTP relay campaign

Campaign
H score37 First: 05.06.2026 08:34 Last: 05.06.2026 08:34 Sources 1

About this happening: The **PCPJack** campaign converted hijacked **AWS, Google Cloud, and Microsoft Azure** servers into a covert **SMTP relay network**, enabling large-scale email delivery through ve...

Senior executive at major global stock exchange hit by data theft breach

Incident
H score7 First: 03.06.2026 15:46 Last: 03.06.2026 15:46 Sources 1

About this happening: A senior executive at a major global stock exchange suffered an **email account compromise** that enabled **months of unauthorized mailbox access** and data theft. The intrusion b...

Microsoft Exchange Online mail flow disruption

Service Disruption
H score25 First: 02.06.2026 20:02 Last: 02.06.2026 20:02 Sources 1

About this happening: Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...

CypherLoc phishing-led browser scareware campaign

Campaign
H score49 First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Google sponsored search ManageWP phishing campaign

Campaign
H score13 First: 07.05.2026 00:36 Last: 07.05.2026 00:36 Sources 1

About this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...

Timeline

  1. 23.01.2026 10:25 2 articles · 5mo ago

    Microsoft warns of multi-stage AitM phishing and BEC campaign

    Initial Disclosure

    Microsoft warned that unknown attackers are targeting multiple organizations in the energy sector with a multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) campaign. The activity abuses SharePoint file-sharing services to deliver phishing payloads, uses inbox rule creation to maintain persistence and evade user awareness, and in one case drove more than 600 emails to a compromised user's contacts inside and outside the organization. Microsoft also said defenders should revoke active session cookies, remove attacker-created inbox rules, and use phishing-resistant MFA, conditional access policies, continuous access evaluation, and anti-phishing solutions because password resets alone do not remove the threat.

    Show sources