Attackers Target Education Sector, Hijack Microsoft Accounts

Summary: A phishing campaign that impersonates Microsoft Active Directory Federation Services (ADFS) sign-in pages is bypassing multifactor authentication (MFA) to hijack user accounts, predominantly at educational institutions. The attackers send spoofed emails that lead victims to fake ADFS login pages, where both the password and the MFA code are captured and then used to take over the account and carry out further malicious activity. The campaign exposes the risk carried by organizations that still rely on the legacy SSO capabilities embedded in ADFS and underscores the need for stronger phishing defenses.

Affected: Educational institutions, healthcare, government, technology, transportation, automotive, manufacturing sectors

Key points:

  • The phishing campaign bypasses MFA by spoofing Microsoft ADFS sign-in pages and capturing both credentials and MFA codes; it relies on users trusting a lookalike login flow, not on a software flaw in ADFS itself.
  • The majority of attacks are directed at schools and universities, which often have weaker cybersecurity measures.
  • Attackers utilize spoofed emails and fraudulent login pages to trick users into revealing credentials and MFA codes.
  • Recommendations for organizations include transitioning to modern authentication solutions and enhancing user education and email filtering systems.
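As an added illustration (not code from the article or from the researchers it cites), the following Python triages the links in an email by whether they mimic an ADFS sign-in flow on a host other than the organization's real federation endpoint, which is the pattern the campaign above depends on. The federation host `adfs.example.edu`, the brand token `example`, and the sample email body are constructed assumptions for the demo.

```python
"""Flag email links that imitate an ADFS sign-in page on a non-organizational host.

Example code, not from the article. Hosts, tokens and the sample email are constructed.
"""
import re
from urllib.parse import urlparse

# Assumption: the organization's only legitimate ADFS endpoint (hypothetical name).
LEGIT_ADFS_HOSTS = {"adfs.example.edu"}

# Assumption: brand strings an attacker would reuse in a lookalike hostname.
ORG_BRAND_TOKENS = ("example",)

# Path prefixes characteristic of a real ADFS sign-in flow; fake pages copy them.
ADFS_PATH_MARKERS = ("/adfs/ls", "/adfs/oauth2", "/adfs/portal")

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def extract_links(html_body: str) -> list[str]:
    """Pull every href value out of an HTML email body."""
    return HREF_RE.findall(html_body)


def mimics_adfs_login(url: str) -> bool:
    """True if the URL's path or query looks like an ADFS WS-Federation sign-in request."""
    p = urlparse(url)
    path = p.path.lower()
    if any(path.startswith(marker) for marker in ADFS_PATH_MARKERS):
        return True
    # Some kits keep ADFS-style query parameters under an unrelated path.
    query = p.query.lower()
    return "wa=wsignin1.0" in query or "wtrealm=" in query


def classify_link(url: str) -> str:
    """Return one of: legitimate, spoofed-adfs, lookalike-host, other."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host in LEGIT_ADFS_HOSTS and p.scheme == "https":
        return "legitimate"
    if mimics_adfs_login(url):
        # ADFS-shaped login on a host we do not own: the core phishing pattern.
        return "spoofed-adfs"
    if any(token in host for token in ORG_BRAND_TOKENS):
        # Brand name reused in a foreign domain; worth a look even without an ADFS path.
        return "lookalike-host"
    return "other"


def triage_email(html_body: str) -> dict[str, list[str]]:
    """Group every link in the email by its classification."""
    result: dict[str, list[str]] = {}
    for url in extract_links(html_body):
        result.setdefault(classify_link(url), []).append(url)
    return result


# Constructed sample email: one real ADFS link, one spoofed ADFS page on a
# lookalike domain, one brand-squatting domain, and one unrelated link.
SAMPLE_EMAIL = """
<p>Your mailbox quota was exceeded. Re-authenticate to avoid suspension:</p>
<a href="https://adfs-example-edu.login-portal.net/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline">Sign in</a>
<p>Or use the legacy portal: <a href="https://adfs.example.edu/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline">here</a></p>
<p>Password reset: <a href="http://example-edu.help/reset">reset</a></p>
<p>Help: <a href="https://www.microsoft.com/">Microsoft</a></p>
"""

if __name__ == "__main__":
    for category, urls in triage_email(SAMPLE_EMAIL).items():
        print(category)
        for u in urls:
            print("  ", u)
```

The check is deliberately host-centric: an ADFS-shaped URL is only trusted when it sits on the organization's own federation host over HTTPS, so a pixel-perfect clone on any other domain is flagged regardless of how convincing the page is.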

Source: https://www.darkreading.com/cyberattacks-data-breaches/attackers-education-sector-hijack-microsoft-accounts