Security Awareness – Continued use of “Adversary-in-the-Middle” (AitM) Attacks Expected to Continue

Created: Tuesday, January 9, 2024 - 14:20
Categories:
Cybersecurity, Security Preparedness

As Phishing-as-a-Service (PhaaS) offerings have lowered the barrier to entry for low-skilled threat actors, “Adversary-in-the-Middle” (AitM) attacks have become much less technical to execute. Open-source toolkits such as “EvilGinx3” make phishing campaigns accessible to even the most novice threat actors. With such frameworks, actors can easily create custom Office 365 login pages and mimic other popular websites such as Amazon, LinkedIn, Facebook, and X (formerly Twitter) to conduct opportunistic or highly targeted phishing campaigns. Given this accessibility, the Center for Internet Security® (CIS®) Cyber Threat Intelligence (CTI) team at the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) assesses with moderate confidence that cyber threat actors (CTAs) will continue to employ AitM attacks opportunistically against U.S. State, Local, Tribal, and Territorial (SLTT) government entities.

Mitigating the risk of AitM attacks requires a defense-in-depth security approach that includes regular user training and network monitoring. Members are encouraged to review the following post at the Center for Internet Security (CIS) for more details and mitigations.