A new wave of highly sophisticated phishing campaigns has been detected circumventing modern Multi-Factor Authentication (MFA) protocols. Leveraging large language models (LLMs), threat actors are dynamically generating context-aware spear-phishing emails tailored to each targeted individual.
By automating the reconnaissance phase using AI, attackers are scraping LinkedIn profiles and public corporate directories to craft lures that impersonate internal IT departments or key vendors.
The AitM Mechanism
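The ultimate goal of these campaigns is an Adversary-in-the-Middle (AitM) attack. The AI-generated emails contain links to convincing reverse-proxy login pages that relay the victim's login to the real service and intercept the authentication token and session cookie in real time. Because the victim completes the MFA challenge through the proxy, the captured session is already authenticated, which completely bypasses SMS or push-notification MFA.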
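One defensive check that follows from the mechanism above, as an added example that is not part of the original article: a session cookie that later appears from a different client than the one that completed MFA is a replay signal. The log format, field names and sample events are constructed for illustration, and the events are assumed to be in time order.

```python
import json

# Constructed sample events, one JSON object per line. Field names are
# assumptions for this example, not any identity provider's real schema.
SAMPLE_LOG = """
{"ts":"2024-05-01T09:00:00Z","event":"mfa_success","user":"alice","session":"s-1001","ip":"198.51.100.23","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:01:10Z","event":"access","user":"alice","session":"s-1001","ip":"198.51.100.23","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:05:00Z","event":"mfa_success","user":"bob","session":"s-2002","ip":"203.0.113.50","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:05:40Z","event":"access","user":"bob","session":"s-2002","ip":"203.0.113.50","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:07:02Z","event":"access","user":"bob","session":"s-2002","ip":"192.0.2.77","ua":"Firefox/125 Linux"}
{"ts":"2024-05-01T09:07:30Z","event":"access","user":"bob","session":"s-2002","ip":"192.0.2.77","ua":"Firefox/125 Linux"}
{"ts":"2024-05-01T09:20:00Z","event":"mfa_success","user":"carol","session":"s-3003","ip":"198.51.100.40","ua":"Safari/17 macOS"}
{"ts":"2024-05-01T10:15:00Z","event":"access","user":"carol","session":"s-3003","ip":"198.51.100.99","ua":"Safari/17 macOS"}
"""


def find_replayed_sessions(log_text):
    """Flag session cookies presented from a different client than the one that passed MFA."""
    issued = {}       # session id -> (ip, user agent) recorded at mfa_success
    reported = set()  # (session id, ip, ua) already flagged, to avoid duplicates
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sid, ctx = ev["session"], (ev["ip"], ev["ua"])
        if ev["event"] == "mfa_success":
            issued[sid] = ctx
            continue
        origin = issued.get(sid)
        if origin is None or ctx[0] == origin[0]:
            continue  # no baseline to compare, or same address as the login
        if (sid, *ctx) in reported:
            continue
        reported.add((sid, *ctx))
        # A changed address alone is weak (VPN, mobile roaming); a changed
        # user agent on top of it is much harder to explain legitimately.
        severity = "high" if ctx[1] != origin[1] else "low"
        findings.append({"user": ev["user"], "session": sid, "first_seen": ev["ts"],
                         "login_ip": origin[0], "replay_ip": ctx[0], "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_LOG):
        print(finding)
```

Low-severity findings are triage input rather than verdicts, since addresses change for ordinary reasons; the high-severity case is the one to pair with session revocation.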