nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Multi stage Compliance themed Phishing Enables Account Compromise

Du'aine Davis · 2026-05-05T09:42:12+00:00

Observed in the wild * Between 14 and 16 April, Microsoft observed a large‑scale phishing campaign targeting 35,000+ users across 13,000 organisations in 26 countries, primarily the US. Emails impersonated internal compliance or code‑of‑conduct reviews and led victims to attacker‑controlled sites, resulting in account…

Du'aine Davis

Observed in the wild

Between 14 and 16 April, Microsoft observed a large‑scale phishing campaign targeting 35,000+ users across 13,000 organisations in 26 countries, primarily the US. Emails impersonated internal compliance or code‑of‑conduct reviews and led victims to attacker‑controlled sites, resulting in account compromise via stolen authentication tokens rather than simple password theft.
Attackers used polished compliance‑themed emails with PDF attachments, Cloudflare CAPTCHAs, and multiple staging pages to appear legitimate and evade automated analysis. The final stage abused adversary‑in‑the‑middle (AiTM) phishing, proxying a genuine Microsoft sign‑in flow to capture session tokens, bypassing non‑phishing‑resistant MFA.
Organisations are advised to enable Safe Links, Safe Attachments, ZAP, and Threat Explorer in Microsoft Defender for Office 365; enable network protection and SmartScreen via Microsoft Defender for Endpoint; adopt phishing‑resistant MFA (FIDO2, Windows Hello); review anomalous token sign‑ins in Entra ID; and run attack simulation training focused on compliance‑style lures.

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise | Microsoft Security Blog

Find more posts tagged with

Threat Landscape

Sign in to participate and unlock exclusive content 🔓

It looks like you're new here! Sign in or register to be able to comment, access member-only content and follow the spaces relevant to you.

Comments

There are no comments yet

See what's trending

Click on a tag to discover all the published content related to it.