Adversary-in-the-Middle Phishing Campaign Leveraging Compliance-Themed Lures Targets US Organizations

Timeline

1. 05.05.2026 17:45 1 articles · 11h ago

   High-volume AiTM Phishing Campaign Targets US Organizations via Compliance-Themed Lures

   A phishing campaign conducted between April 14 and 16, 2026, used compliance-themed emails and PDF attachments to redirect victims through Cloudflare CAPTCHA pages and ultimately intercept Microsoft account credentials via adversary-in-the-middle (AiTM) phishing. Over 35,000 attempts were observed across 13,000 organizations in 26 countries, with 92% of targets in the U.S. The attack chain involved legitimate email delivery services, cloud-hosted Windows VMs, and attacker-controlled domains to evade detection. AiTM phishing allowed real-time interception of authentication tokens, bypassing non-phishing-resistant MFA.

   Show sources

   • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

   Open in new tab

Information Snippets

• Over 35,000 phishing attempts were observed between April 14 and 16, 2026.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• The campaign targeted roughly 13,000 organizations across 26 countries, with 92% of targets in the United States.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• Targeted sectors included healthcare and life sciences, financial services, professional services, and technology/software.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• Phishing emails used display names such as 'Team Conduct Report', 'Workforce Communications', and 'Internal Regulatory COC', and subject lines like 'Reminder: employer opened a non-compliance case log' and 'Internal case log issued under conduct policy'.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• Emails were sent using a legitimate email delivery service from multiple sender addresses using attacker-controlled domains originating from cloud-hosted Windows virtual machines.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• Attachments were PDFs titled 'Awareness Case Log File' or 'Disciplinary Action', containing a link to 'Review Case Materials' that redirected to a Cloudflare CAPTCHA page.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• Victims were prompted to enter their email address, complete a second CAPTCHA, and then sign in to their Microsoft account via an adversary-in-the-middle (AiTM) phishing page that intercepted authentication tokens in real time.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45

• AiTM phishing bypasses non-phishing-resistant MFA mechanisms by capturing authentication traffic during the session.

  First reported: 05.05.2026 17:45
  1 source, 1 article
  Show sources

  • Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations — www.securityweek.com — 05.05.2026 17:45