HTTP Client Tools Exploitation for Account Takeover Attacks
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
This analysis reveals a growing trend of attackers repurposing legitimate HTTP client tools to compromise Microsoft 365 environments. The report highlights two main attack campaigns: one using the Axios client, with a 43% success rate in compromising user accounts, and another using the Node Fetch client for large-scale brute-force attacks. The Axios campaign primarily targets executives and high-value users across various industries, while the Node Fetch campaign focuses on educational institutions. The analysis also notes a brief shift to the Go Resty client before a return to Node Fetch. These evolving tactics demonstrate the adaptability of threat actors in exploiting HTTP clients for account takeover attacks.
OPENCTI LABELS:
brute force, microsoft 365, adversary-in-the-middle, account takeover, node fetch, okhttp, axios, http client tools