Resolved -
Dear Customers,
An Axon report on the Adversary-in-the-Middle (AiTM) campaign was released. The report includes:
Indicators of Compromise (IOCs)
Threat-hunting queries
Insights into relevant hits
If you have any questions or need further assistance, please feel free to reach out.
Sincerely,
Team AXON
Nov 19, 14:30 UTC
Investigating -
Dear customers,
Team AXON is aware of an ongoing Adversary-in-the-Middle (AiTM) campaign, targeting Microsoft 365 user accounts, using Axios infrastructure.
This infrastructure gives the threat actor the capability to intercept HTTP traffic in order to steal the credentials and/or session tokens of victim users. Users who authenticate using MFA are also vulnerable to this kind of attack.
Threat-focused threat hunting related to this campaign is now ongoing. In case of any significant finding that requires your attention, we’ll of course reach out.
An AXON report will be available for all of our AXON customers as soon as the Rapid Response efforts are concluded.
Please don’t hesitate to contact us in case of any questions.
Sincerely,
Team AXON.
Nov 17, 10:49 UTC