**FOR IMMEDIATE RELEASE** | **FBI CYBER DIVISION - PUBLIC SERVICE ANNOUNCEMENT**
**WASHINGTON, D.C. (October 26, 2023)** – The Federal Bureau of Investigation (FBI) has issued an urgent cybersecurity alert regarding a sophisticated phishing campaign specifically targeting users of Microsoft Outlook and OneDrive. The FBI Cyber Division has observed a significant escalation in threat actor activity, actively exploiting trusted authentication protocols to compromise enterprise and personal accounts.
**What is the nature of the threat?**
The FBI confirms that malicious actors are deploying adversary-in-the-middle (AiTM) phishing kits. These kits intercept session cookies and bypass multi-factor authentication (MFA). A user is lured to a legitimate-looking login page; when the user enters credentials and an MFA code, the attacker steals the authentication token, gaining persistent access to the victim’s Outlook email and OneDrive files without needing a password.
**Who is being targeted?**
The primary targets include, but are not limited to, employees of critical infrastructure sectors, government contractors, financial institutions, and healthcare organizations. However, private individual users of Microsoft 365 are also at elevated risk.
**Where is the attack originating?**
The attack vector is predominantly email-based. Victims receive a notification from a compromised account—often a known contact—regarding a shared OneDrive file or a critical calendar appointment. The email contains a link that reroutes the user through a malicious proxy server.
**When did this activity peak?**
The FBI reports a sharp increase in these attacks over the past 72 hours, with successful intrusions resulting in data exfiltration and subsequent ransomware deployment.
**Why is this alert critical?**
Traditional security training often emphasizes not sharing passwords. This attack makes that training obsolete. The threat actor does not need the password; they need the session cookie. This renders standard MFA ineffective. Once access is obtained, adversaries establish email forwarding rules to hide communications and harvest sensitive documents from OneDrive.
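For defenders, the post-compromise behavior described above (a stolen session reused from another address, followed by a forwarding rule) can be hunted in mailbox audit data. The following is an added illustration, not part of the FBI announcement: the event schema and sample records are constructed and hypothetical, and only the operation and parameter names mirror Exchange Online cmdlet names.

```python
from datetime import datetime, timedelta

# Constructed events in a simplified, hypothetical schema (not a real audit export).
EVENTS = [
    {"time": "2023-10-25T09:00:00", "user": "alice@example.com", "session": "s-100",
     "ip": "198.51.100.10", "op": "SignIn"},
    {"time": "2023-10-25T09:02:00", "user": "alice@example.com", "session": "s-100",
     "ip": "203.0.113.77", "op": "MailAccess"},
    {"time": "2023-10-25T09:05:00", "user": "alice@example.com", "session": "s-100",
     "ip": "203.0.113.77", "op": "New-InboxRule",
     "params": {"ForwardTo": "drop@example.net", "DeleteMessage": "True"}},
    {"time": "2023-10-25T10:00:00", "user": "bob@example.com", "session": "s-200",
     "ip": "198.51.100.20", "op": "SignIn"},
    {"time": "2023-10-25T10:03:00", "user": "bob@example.com", "session": "s-200",
     "ip": "198.51.100.20", "op": "New-InboxRule",
     "params": {"ForwardTo": "team@example.org"}},
]

RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_KEYS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}

def domain(address):
    return address.rsplit("@", 1)[-1].lower()

def find_suspicious_rules(events, window=timedelta(hours=1)):
    """Flag external forwarding rules; raise severity if the session changed IP first."""
    alerts, sessions = [], {}  # sessions: id -> [first_ip, time of first IP change]
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        state = sessions.setdefault(ev["session"], [ev["ip"], None])
        if state[1] is None and ev["ip"] != state[0]:
            state[1] = when  # same session token now presented from a new address
        if ev["op"] not in RULE_OPS:
            continue
        targets = [v for k, v in ev.get("params", {}).items() if k in FORWARD_KEYS]
        external = [t for t in targets if domain(t) != domain(ev["user"])]
        if not external:
            continue
        replayed = state[1] is not None and when - state[1] <= window
        alerts.append({"user": ev["user"], "session": ev["session"], "forward_to": external,
                       "severity": "high" if replayed else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_rules(EVENTS):
        print(alert)
```

An IP change within a session also occurs for legitimate roaming users, so the "high" result is a triage priority, not proof of compromise.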