“through an authorized internal channel. ” a large - scale credential theft campaign observed by microsoft defender research exemplifies this trend, using code of conduct - themed lures. a green banner referencing paubox encryption further reinforced legitimacy, especially for org…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
90%
“code of conduct phish hits 35, 000 users in multi - stage aitm attack a highly sophisticated phishing campaign leveraging code - of - conduct - themed lures has targeted more than 35, 000 users across 13, 000 organizations. the multi - stage attack, observed between april 14 and …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1111Multi-Factor Authentication Interception
87%
“redirected to the final stage. the final stage presented a microsoft sign - in page as part of an adversary - in - the - middle ( aitm ) attack. unlike traditional phishing, which steals credentials, aitm attacks intercept authentication sessions in real time. after clicking the …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
77%
“redirected to the final stage. the final stage presented a microsoft sign - in page as part of an adversary - in - the - middle ( aitm ) attack. unlike traditional phishing, which steals credentials, aitm attacks intercept authentication sessions in real time. after clicking the …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1557Adversary-in-the-Middle
59%
“redirected to the final stage. the final stage presented a microsoft sign - in page as part of an adversary - in - the - middle ( aitm ) attack. unlike traditional phishing, which steals credentials, aitm attacks intercept authentication sessions in real time. after clicking the …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
56%
“redirected to the final stage. the final stage presented a microsoft sign - in page as part of an adversary - in - the - middle ( aitm ) attack. unlike traditional phishing, which steals credentials, aitm attacks intercept authentication sessions in real time. after clicking the …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
A highly sophisticated phishing campaign leveraging code-of-conduct-themed lures has targeted more than 35,000 users across 13,000 organizations. The multi-stage attack, observed between April 14 and April 16, 2026, highlights how threat actors are refining social engineering, delivery infrastructure, and authentication abuse to bypass modern defenses. The campaign primarily impacted users in the United States, accounting […]