Phishing attacks against Microsoft 365 are becoming more advanced and frequent.
New findings from ReliaQuest and Ontinue highlight how phishing campaigns are evolving into enterprise-grade operations.
🔎 Key Techniques
- Axios Abuse: Attackers abuse the Axios HTTP client to intercept, modify, and replay HTTP requests, capturing MFA codes, SAS tokens, and session cookies in transit.
- Microsoft Direct Send: Weaponized to spoof trusted accounts and bypass secure email gateways. Axios + Direct Send yields a 70% phishing success rate.
- Salty 2FA Phishing Kits: Simulate six MFA methods (SMS, apps, calls, push, codes, hardware tokens) to sidestep authentication.
- Evasion Features: Cloudflare Turnstile checks, IP/geolocation filtering, Firebase hosting, dynamic branding, and domain-per-victim workflows.
⚠️ Impact
- Executives in finance, healthcare, and manufacturing were targeted first; the campaigns have since expanded to general users.
- Campaigns use compensation-themed lures, fake OneDrive/Outlook portals, and malicious QR codes.
- The sophistication blurs the line between legitimate corporate workflows and fraudulent phishing pages.
🛡️ Mitigation
- Disable or secure Direct Send if not required.
- Apply strict anti-spoofing and anti-phishing policies.
- Train employees to recognize malicious QR codes and MFA phishing lures.
- Block suspicious domains and continuously monitor traffic for anomalies.
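As an added example (not from the original post or the cited reports), the Exchange Online PowerShell steps behind the "disable or secure Direct Send" item: audit the tenant setting, turn Direct Send off, or, where it must stay on, reject external mail that claims an internal sender. It assumes the ExchangeOnlineManagement module, that the RejectDirectSend organization setting is available in the tenant, and uses a placeholder admin UPN and relay IP range.

```powershell
# Added example, not from the original post. Assumes the ExchangeOnlineManagement
# module is installed and the operator holds an Exchange administrator role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName "admin@contoso.example"   # placeholder UPN

# 1. Audit: is Direct Send currently rejected for this tenant?
$cfg = Get-OrganizationConfig
Write-Host "RejectDirectSend is currently: $($cfg.RejectDirectSend)"

# 2. Disable Direct Send when nothing legitimate depends on it.
#    Printers, scanners or line-of-business apps that relay to internal mailboxes
#    will break; migrate them to SMTP AUTH or a dedicated inbound connector first.
Set-OrganizationConfig -RejectDirectSend $true

# 3. Secure it instead: if Direct Send must remain enabled, reject messages that
#    arrive from outside the organization but use one of your own accepted domains
#    as sender, except from relay IP ranges you actually operate (placeholder below).
$ownDomains = (Get-AcceptedDomain).DomainName
New-TransportRule -Name "Block external spoof of internal domains" `
    -FromScope NotInOrganization `
    -SenderDomainIs $ownDomains `
    -ExceptIfSenderIpRanges "203.0.113.0/24" `
    -RejectMessageReasonText "Unauthenticated mail claiming an internal sender was rejected." `
    -Mode Enforce

# 4. Verify both controls before closing the change.
Get-OrganizationConfig | Select-Object RejectDirectSend
Get-TransportRule -Identity "Block external spoof of internal domains" |
    Select-Object Name, State, Mode

Disconnect-ExchangeOnline -Confirm:$false
```

Run the transport rule in `-Mode Audit` for a few days first and review the message trace for hits from legitimate relays before switching to `Enforce`.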
At Alcaeus Services, we help organizations strengthen email security, mitigate advanced phishing campaigns, and protect identity systems against MFA bypass threats.