TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Security Affairs

Microsoft warns of global campaign stealing auth tokens from 35K users

Pierluigi Paganini · 1 day ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1566.002Spearphishing Link
99%
“microsoft warns of global campaign stealing auth tokens from 35k users microsoft revealed a phishing campaign hitting 35, 000 users in 26 countries, stealing login tokens via fake code - of - conduct emails and legit services. microsoft disclosed a major phishing campaign that ta…”
T1566.002Spearphishing Link
99%
“messages to pressure victims into action, leading them to a fake but legitimate - looking sign - in page. this adversary ‑ in ‑ the ‑ middle ( aitm ) phishing flow let attackers intercept authentication tokens in real time, bypassing weak mfa. microsoft urges training, anti - phi…”
T1566.002Spearphishing Link
45%
“. “ following these steps, users were redirected to a third site hosting the final stage of the attack. analysis of the underlying code indicates that the final destination varied depending on whether the user accessed the workflow from a mobile device or a desktop system. ” cont…”
T1111Multi-Factor Authentication Interception
44%
“messages to pressure victims into action, leading them to a fake but legitimate - looking sign - in page. this adversary ‑ in ‑ the ‑ middle ( aitm ) phishing flow let attackers intercept authentication tokens in real time, bypassing weak mfa. microsoft urges training, anti - phi…”

Summary

Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus […]