VoidProxy: Phishing Threat to Microsoft 365 and Google Workspace
VoidProxy, a sophisticated “phishing-as-a-service” platform that targets Microsoft 365 and Google Workspace users. This threat distinguishes itself by operating as a real-time proxy, enabling attackers to intercept not only usernames and passwords, but also multi-factor authentication tokens and active session cookies. The platform utilizes compromised email marketing accounts, sophisticated redirection chains, and Cloudflare infrastructure to bypass traditional security measures and present convincing phishing pages. Technijian, an IT services provider, is introduced as a resource for organizations to implement robust cybersecurity defenses against such advanced threats, offering solutions like phishing-resistant authentication, risk-based access controls, and incident response.
