An open source Adversary-in-The-Middle (AiTM) phishing kit has found new users in the cybercrime world for its ability to make cyberattacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging name DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's password and session cookies by deploying a proxy server between the user and the website.
Such attacks are more effec
Activity Summary - Week Ending on 12 August 2022:
- Red Sky Alliance identified 23,968 connections from new IP’s checking in with our Sinkholes
- ril.com Hit
- Analysts identified 765 new IP addresses participating in various Botnets
- Zeppelin Ransomware
- Exim
- SmokeLoader
- RapperBot
- AiTM Phishing
- BlenderBot
- PortDoor & CotSam
Link to full report: IR-22-224-001_weekly224.pdf
Activity Summary - Week Ending on 29 July 2022:
- Red Sky Alliance identified 25,992 connections from new IP’s checking in with our Sinkholes
- Hetzner 10x
- Analysts identified 309 new IP addresses participating in various Botnets
- Ransomware UpDate
- Adversary-in-the-Middle - AiTM
- South Africa under Attack
- Mercenary Spyware
- T-Mobile
- US Electric Grid
- Kherson Ukraine
Link to full report: IR-22-210-002_weekly210.pdf
