A sophisticated phishing attack targeted over 35,000 users across 13,000 organizations between April 14-16, 2026, using fake "code of conduct" emails to steal credentials. The attackers used adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication by hijacking active login sessions in real time.
The campaign primarily hit the United States (92% of victims) and targeted healthcare, financial services, and technology sectors. Victims received professional-looking emails claiming conduct violations, with PDF attachments leading to fake Microsoft login pages. The attackers positioned themselves between users and legitimate Microsoft services, capturing authentication tokens that provided direct account access without passwords.
Microsoft Defender Research tracked the campaign, noting its use of legitimate email services and polished HTML templates that made detection difficult. Organizations should enable phishing-resistant MFA methods like FIDO keys and implement comprehensive email security measures.
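Why FIDO-based sign-in resists this kind of relay, shown as an added example that is not from the original article or from Microsoft's research: the browser writes the page's origin into the signed clientDataJSON, so a login server that checks it rejects an assertion produced on a look-alike domain. The origin `https://login.example.com`, the look-alike domain and the function names are assumptions, the sample data is constructed, and a full verifier also checks the authenticator signature and rpIdHash.

```python
import base64
import hmac
import json

# Assumption: the relying party's real login origin (placeholder domain).
EXPECTED_ORIGIN = "https://login.example.com"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_client_data(client_data_json: bytes, issued_challenge: bytes):
    """Validate the clientDataJSON of a WebAuthn assertion; return (ok, reason)."""
    try:
        data = json.loads(client_data_json)
        challenge = b64url_decode(data["challenge"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    # The challenge must be the one this server issued for this sign-in.
    if not hmac.compare_digest(challenge, issued_challenge):
        return False, "challenge mismatch"
    # The browser, not the page, fills in the origin, so a proxy cannot forge it.
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"
    return True, "ok"

def make_client_data(origin: str, challenge: bytes) -> bytes:
    """Build constructed sample data shaped like a browser's clientDataJSON."""
    return json.dumps({"type": "webauthn.get",
                       "challenge": b64url_encode(challenge),
                       "origin": origin}).encode()

if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    direct = make_client_data(EXPECTED_ORIGIN, challenge)
    # Constructed look-alike origin standing in for a proxied login page.
    relayed = make_client_data("https://login.example-conduct-review.test", challenge)
    print(check_client_data(direct, challenge))
    print(check_client_data(relayed, challenge))
```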
Source: Cybersecurity News