The PhaaS specifically targets Microsoft 365 accounts.
A newly detected Adversary-in-the-Middle (AiTM) phishing kit has the ability to intercept both user credentials and two-factor authentication (2FA), ultimately bypassing anti-phishing defenses such as email and secure web gateways.
In a blog post, Sekoia researchers said these phishing pages have been circulating since at least October 2024 and have been sold as Phishing-as-a-Service (PhaaS) kits by the cybercrime service “Sneaky Log,” which operates through a fully-featured bot on Telegram.
Specifically targeting Microsoft 365 accounts, SneakyLog's PhaaS kit also utilises obfuscated Microsoft webpage screenshots and other means to establish legitimacy.
“This phishing kit was developed by one group of threat actors and sold to others, highlighting the collaborative nature of many cyberattacks,” Elad Luz, head of research at Oasis Security told SC US.
“These malicious tools are often the result of layered efforts by different actors, working together and trading resources. The fact that such kits are readily available for purchase is highly concerning.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
