Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools

Tycoon and Storm-1575 groups are identified as key players, with Tycoon offering MFA bypass as a service and Storm-1575 targeting Microsoft 365 credentials.
Public schools across the United States are facing a surge in sophisticated phishing campaigns, according to a new report by PIXM, a cybersecurity firm specializing in artificial intelligence solutions.
Threat actors launch targeted spear phishing attacks using stealthy attack patterns to target officials at large US school districts, bypassing MFA protections.

The report highlights a worrying trend: attackers are increasingly employing tactics to bypass Multi-Factor Authentication (MFA), a security measure previously thought to offer robust protection.

Since December 2023, researchers have observed a surge in MFA-based phishing campaigns targeting US teachers, staff, and administrators. The campaigns use dadsec and other Phishing-as-a-Service (PhaaS) platforms to compromise administrator email accounts and deliver ransomware.
Tycoon and Storm-1575

PIXM discovered the phishing activity in November 2023 and linked it to the Tycoon and Storm-1575 threat groups. These groups were singled out because they share a common attack pattern. Both actors use social engineering techniques, spoofing emails to appear legitimate and using AiTM (Adversary-in-the-Middle) phishing to bypass MFA by intercepting authentication tokens and session cookies.
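The AiTM pattern described above leaves a defensive signal: the victim completes MFA against the real identity provider through the attacker's proxy, and the stolen session cookie is then replayed from the attacker's own infrastructure, usually from a different network and a different client. The following is an added example, not code from the PIXM report or from any product it mentions, that scans a constructed set of sign-in records for that signal: the same session identifier reappearing shortly after an MFA-backed sign-in from a different IP address or ASN and a different user agent. Field names, sample addresses, and the 12-hour window are assumptions chosen for the illustration.

```python
"""Flag possible AiTM session-cookie replay in sign-in records (added example).

Assumption: each record carries a session identifier that persists across
requests once the sign-in is complete, as a session cookie would. Records,
field names and the window are constructed for this illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    session_id: str
    ip: str
    asn: str
    user_agent: str
    mfa_satisfied: bool  # True when this record itself completed an MFA challenge


# Constructed sample log: one benign pattern (teacher moving between campus
# buildings on the same ISP) and one suspicious pattern (administrator's
# session reused minutes later from an unrelated ASN by a scripted client,
# with no MFA prompt because the cookie is already valid).
SAMPLE = [
    SignIn(datetime(2024, 1, 9, 8, 0), "admin@district.example", "S-1001",
           "203.0.113.10", "AS64500", "Mozilla/5.0 (Windows NT 10.0) Chrome/120", True),
    SignIn(datetime(2024, 1, 9, 8, 7), "admin@district.example", "S-1001",
           "198.51.100.7", "AS64496", "python-requests/2.31", False),
    SignIn(datetime(2024, 1, 9, 9, 0), "teacher@district.example", "S-2002",
           "203.0.113.22", "AS64500", "Mozilla/5.0 (Windows NT 10.0) Chrome/120", True),
    SignIn(datetime(2024, 1, 9, 9, 30), "teacher@district.example", "S-2002",
           "203.0.113.22", "AS64500", "Mozilla/5.0 (Windows NT 10.0) Chrome/120", False),
    SignIn(datetime(2024, 1, 9, 10, 0), "teacher@district.example", "S-2002",
           "203.0.113.40", "AS64500", "Mozilla/5.0 (Windows NT 10.0) Chrome/120", False),
]


def find_session_reuse(events, window=timedelta(hours=12)):
    """Return findings for sessions reused from a new network AND a new client.

    The first record seen for a session id is treated as the sign-in that
    established it. A later record within `window` is flagged only when both
    the network (IP or ASN) and the user agent differ from that first record;
    requiring both keeps ordinary IP churn on one device out of the results.
    """
    first_seen = {}
    findings = []
    for e in sorted(events, key=lambda x: x.ts):
        origin = first_seen.setdefault(e.session_id, e)
        if origin is e or e.ts - origin.ts > window:
            continue
        changed_network = e.ip != origin.ip or e.asn != origin.asn
        changed_client = e.user_agent != origin.user_agent
        if changed_network and changed_client:
            findings.append({
                "user": e.user,
                "session_id": e.session_id,
                "origin_ip": origin.ip,
                "origin_mfa": origin.mfa_satisfied,
                "new_ip": e.ip,
                "new_asn": e.asn,
                "minutes_after_signin": (e.ts - origin.ts).total_seconds() / 60,
            })
    return findings


if __name__ == "__main__":
    for f in find_session_reuse(SAMPLE):
        print(f)
```

The check is deliberately conservative: a session that changes IP within the same ASN and keeps its user agent (the teacher record above) is not flagged, while a session that jumps to a new ASN with a scripted client minutes after an MFA sign-in is. In practice the output is a triage lead, and the response for a confirmed replay is to revoke the user's sessions and rotate credentials rather than rely on the MFA prompt that the proxy already satisfied.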

They also build customized login pages and use dadsec and phishing-kit PhaaS services that redirect to legitimate sites. Their infrastructure, including C2 servers, domain generation algorithms, legitimate hosting services, and SSL certificates, ..