Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA
A new phishing campaign has been observed targeting organizations using Microsoft Active Directory Federation Services (ADFS), leveraging spoofed login pages to steal credentials and bypass multi-factor authentication (MFA).
According to cybersecurity researchers at Abnormal Security, the attack exploits ADFS, a single sign-on (SSO) solution that allows users to authenticate across multiple applications with a single set of credentials.
Threat actors craft highly convincing phishing pages that mirror the legitimate ADFS login portals of targeted organizations, tricking users into submitting their credentials and MFA details.
How the Attack Works
Cybercriminals execute this attack in multiple stages:
- Phishing email: Spoofed emails, appearing to be from the organization’s IT department, prompt users to visit a fraudulent ADFS login page
- Credential harvesting: The phishing site collects usernames, passwords and MFA codes
- Account takeover: Attackers use stolen credentials to access the organization’s network, conduct lateral phishing and perform financial fraud
Unlike traditional phishing scams that create a sense of urgency, these emails use more subtle social engineering tactics. The attackers even customize phishing pages based on an organization’s MFA setup, increasing the likelihood of success.
Critical Sectors at Risk
The report identified over 150 targeted organizations across multiple industries, with the education sector accounting for more than 50% of attacks. Other affected industries include:
- Healthcare (14.8%)
- Government (12.5%)
- Technology (6.3%)
- Transportation (3.4%)
Most affected organizations are in the US, Canada, Australia and Europe. Companies with legacy authentication systems like ADFS are particularly vulnerable, as many have yet to transition to Microsoft’s modern identity platform, Entra.
How Organizations Can Defend Themselves
Security experts recommend a multi-layered defense strategy:
- Migrate to modern identity solutions – Shift to platforms like Microsoft Entra to reduce reliance on ADFS
- Strengthen security awareness training – Educate employees on phishing tactics and psychological manipulation techniques
- Implement advanced detection tools – Use AI-powered email filtering and behavioral monitoring to detect phishing attempts
By proactively updating security measures and educating users, organizations can mitigate the risk of ADFS-based phishing attacks and better protect sensitive information.
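The detection recommendation above is generic, so here is a concrete illustration of one check a mail-filtering or SOC team can run: flagging links that impersonate the organization's own ADFS sign-in host. This is an added example written for this page; it is not code from the article or from Abnormal Security. The federation hostname `adfs.example.com` and the sample messages are constructed, and the `/adfs/ls` sign-in path is the standard ADFS passive endpoint path rather than anything taken from the report.

```python
import re
from urllib.parse import urlparse

# Assumed: the organisation's real federation hostname (constructed for this example).
LEGIT_ADFS_HOST = "adfs.example.com"

# /adfs/ls is the standard ADFS passive sign-in endpoint path; seeing it served
# from a host that is not the organisation's own is a strong phishing indicator.
ADFS_SIGNIN_PATH = "/adfs/ls"

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def levenshtein(a, b):
    """Edit distance, used to catch typosquatted registrable domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); a real deployment would use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url, legit_host=LEGIT_ADFS_HOST):
    """Return a verdict for one URL relative to the organisation's real ADFS host."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "invalid"
    if host == legit_host:
        return "legitimate"
    legit_reg = registrable_domain(legit_host)
    reg = registrable_domain(host)
    if reg == legit_reg:
        return "same-organisation"
    # Real hostname embedded as a label of a foreign domain, e.g. adfs.example.com.evil.net
    if legit_host in host:
        return "lookalike-subdomain"
    # Registrable domain one or two edits away from the real one, e.g. examp1e.com
    if levenshtein(reg, legit_reg) <= 2:
        return "lookalike-typosquat"
    # ADFS sign-in path served from an unrelated domain
    if parsed.path.lower().startswith(ADFS_SIGNIN_PATH):
        return "suspicious-adfs-path"
    return "unrelated"


def scan_email(body, legit_host=LEGIT_ADFS_HOST):
    """Extract every URL in a message body and classify it."""
    urls = [u.rstrip(".,;:)") for u in URL_RE.findall(body)]
    return [(u, classify_url(u, legit_host)) for u in urls]


def flagged_urls(body, legit_host=LEGIT_ADFS_HOST):
    """Only the URLs that should block delivery or raise an alert."""
    return [u for u, verdict in scan_email(body, legit_host)
            if verdict.startswith(("lookalike", "suspicious"))]


# Constructed sample messages in the low-urgency "IT department" style the article describes.
SAMPLE_EMAILS = {
    "session-expiry": "Your SSO session expires today. Re-authenticate at "
                      "https://adfs.example.com.login-verify.net/adfs/ls/ to avoid interruption.",
    "policy-update": "Updated sign-in policy: review it at "
                     "https://adfs.examp1e.com/adfs/ls/idpinitiatedsignon.",
    "legit-notice": "Reminder: the SSO portal is https://adfs.example.com/adfs/ls/ "
                    "and the intranet is https://intranet.example.com/.",
}

if __name__ == "__main__":
    for name, body in SAMPLE_EMAILS.items():
        print(name, flagged_urls(body))
```

The three checks map to the three ways a spoofed ADFS page is usually hosted: the real hostname prefixed to an attacker-controlled domain, a registrable domain a character or two away from the real one, and a generic domain serving the familiar `/adfs/ls` path. The same classifier can be pointed at proxy logs or at the referrer on ADFS sign-in events to spot users who have already visited such a page, which is the "behavioral monitoring" half of the recommendation.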
Image credit: gguy / Shutterstock.com