Gandalf_The_Grey
Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,415
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials.
Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies.
These attacks work by directing victims to a fake login page that mimics Microsoft 365 and tricking them into entering their credentials.
The AiTM server acts as a proxy, forwarding those credentials to Microsoft's legitimate service to complete the authentication process and then captures the cookie when it is sent back to the target's browser.
This cookie can then be used by the threat actors for direct access to the victim's account, even if it's MFA protected, with the threat actor not needing the credentials at all.
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials.
