Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Endigest AI Core Summary

Microsoft disclosed a large-scale phishing campaign targeting over 35,000 users across 26 countries using code of conduct lures and AiTM tactics to harvest credentials and bypass MFA.

•Campaign targeted healthcare (19%), financial services (18%), and professional services (11%) sectors across 13,000+ organizations
•Sophisticated HTML templates with authority statements and PDF attachments directed victims to credential harvesting flows
•Attack chain used multiple CAPTCHA challenges and intermediate pages to evade automated security defenses
•2026 data: 8.3 billion email phishing threats detected; QR code phishing grew 146% (7.6M to 18.7M attacks)
•Tycoon 2FA phishing platform shifted hosting from Cloudflare following March disruption operation

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Get the latest tech trends every morning

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)