EvilTokens device-code phishing kit totally more evil than we all thought
ID: ac02ad61-8900-5ad5-a714-4c719754784e
STIX ID: report--ac02ad61-8900-5ad5-a714-4c719754784e
Feed Name: The Register (Security)
The report details the EvilTokens device-code phishing kit and an associated ARToken phishing-as-a-service operation that bypasses Microsoft 365 MFA to silently authenticate as victims; attackers use targeted invoice lures, legitimate-looking SharePoint hosts, and sophisticated evasion. Cisco Talos found evidence of large-scale campaigns (multiple daily waves), infrastructure and API sharing with EvilTokens, and a mature post-exploitation/BEC toolkit that offers Outlook read/send access, inbox rules, token management, and persistence mechanisms.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
