Skip to content
Auto-CTI
Back to today
NEW HIGH C3

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

C The Hacker News ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

The discovery of a misconfigured Evilginx infrastructure with three active phishing campaigns targeting Microsoft 365 demonstrates the operational reality of reverse-proxy phishing with advanced MFA-bypass capabilities.

Description

Evilginx is a reverse-proxy phishing framework capable of intercepting authentication processes and compromising even MFA-protected accounts. A misconfigured Evilginx installation revealed three concurrent phishing campaigns targeting Microsoft 365 users with high-precision targeting capabilities. The framework creates fake login pages indistinguishable from legitimate Microsoft 365 interfaces and captures both credentials and MFA tokens. Organizations using Microsoft 365 are targets of these active campaigns currently deployed in the wild.

Risk score

20
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
0.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

ESC