In our latest TI report, baseVISION uncovers a phishing campaign that abuses TikTok’s open redirect feature to hijack Microsoft credentials. The attackers use multi-stage redirect chains, IP-based cloaking, and Adversary-in-the-Middle (AiTM) phishing pages to bypass MFA and steal session tokens.
We break down the full attack chain, list the indicators of compromise, and provide actionable steps to protect your organization.
Report written by Giulia Melotti Garibaldi (Security Analyst).