Intrusions part of the campaign, which has been primarily targeted at the education sector, commenced with the distribution of notification-spoofing phishing emails deceiving recipients into clicking a link that redirects to a seemingly legitimate ADFS portal seeking to compromise targets’ second-factor authentication, according to an analysis from Abnormal Security.
Bogus Microsoft ADFS login pages leveraged for widespread credential theft
