Home/News/Misconfigured Server Exposes Three Evilginx Phishing Campaigns
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

Misconfigured Server Exposes Three Evilginx Phishing Campaigns

Misconfigured Server Exposes Three Evilginx Phishing Campaigns

A misconfigured Python web server, left running with directory listing enabled on a public port, inadvertently exposed the operational toolkit for three active Evilginx phishing campaigns targeting Microsoft 365. The command used to launch the server, `python3 -m http.server 8080`, was found in the readable `.bash_history` file, revealing the lapse in security.

French security firm Lexfo discovered the exposed server and was able to access the operator's complete toolkit. This discovery allowed Lexfo to pivot and identify two additional, distinct Evilginx phishing operations conducted by the same actor. The exposed data included phishing kits, victim lists, and potentially credentials or other sensitive information harvested from compromised Microsoft 365 accounts.

Evilginx is a sophisticated phishing framework that uses reverse proxy servers to intercept and relay traffic between victims and legitimate websites. This allows attackers to capture session cookies and bypass multi-factor authentication (MFA) by impersonating the user's active session. The campaigns identified by Lexfo were actively engaged in credential harvesting, likely aiming to gain unauthorized access to corporate email accounts, sensitive data, and other resources protected by Microsoft 365.

Lexfo's analysis indicated that the exposed toolkit was comprehensive, suggesting a well-resourced and organized threat actor. The firm has not disclosed the exact number of victims or the specific timeframes of the operations to avoid alerting the attacker or further compromising potential victims. However, the exposure highlights a critical vulnerability in operational security for phishing actors and underscores the importance of robust server configuration and access controls, even for malicious infrastructure.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next