#mfatokens — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #mfatokens, aggregated by home.social.
-
Inside a phishing panel
Security researchers gained direct access to Doko's Panel, a real-time phishing platform used in criminal campaigns by ShinyHunters and BlackFile groups. The investigation revealed four distinct infrastructure clusters operating independently customized variants of the tooling. Attacks combine voice phishing with adversary-in-the-middle techniques targeting enterprise identity providers like Okta, Microsoft, and Google, as well as cryptocurrency exchanges. Operators call victims impersonating IT helpdesk staff, directing them to combosquatted domains where credentials and MFA tokens are manually relayed in real-time. Confirmed breaches include SoundCloud (30M records), Match Group (10M records), Betterment (20M records), and Crunchbase. Over 400 domains have been identified linked to these operations. Evidence shows extensive use of AI language models in developing phishing infrastructure, with operators leveraging legitimate services to rapidly deploy and rotate attack infrastructure.
Pulse ID: 6a019872d2134a70b4d8a5bf
Pulse Link: https://otx.alienvault.com/pulse/6a019872d2134a70b4d8a5bf
Pulse Author: AlienVault
Created: 2026-05-11 08:50:58Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AdversaryInTheMiddle #Cloud #CyberSecurity #Google #InfoSec #MFA #MFATokens #Microsoft #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocurrency #AlienVault