Sekoia.io analysts conducted an in-depth analysis of the emerging Dadsec Attack-in-The-Middle (AiTM) Phishing-as-a-Service (PhaaS). The Dadsec OTT platform quickly became widespread and used in numerous phishing campaigns, including the trendy and evasive QR code phishing attacks. Dadsec OTT phishing pages mainly aim to harvest Microsoft 365 session cookies to bypass the MFA process during subsequent authentication.
We published results of our analysis in the FLINT FLINT 2023-043 - Dadsec OTT: a new prevalent PhaaS using AitM phishing aiming at presenting the context about the threat, how the Dadsec phishing kit works, as well as tracking and detection opportunities related to this threat.
Related resources: