
HTTP Client Tools Exploitation for Account Takeover Attacks

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

This analysis reveals a growing trend of attackers repurposing legitimate HTTP client tools to compromise Microsoft 365 environments. The report highlights two main attack campaigns: one using the Axios client, with a 43% success rate in compromising user accounts, and another using the Node Fetch client for large-scale brute-force attacks. The Axios campaign primarily targets executives and high-value users across various industries, while the Node Fetch campaign focuses on educational institutions. The analysis also notes a brief shift to the Go Resty client before a return to Node Fetch. These evolving tactics demonstrate the adaptability of threat actors in exploiting HTTP clients for account takeover attacks.

OPENCTI LABELS:

brute force, microsoft 365, adversary-in-the-middle, account takeover, node fetch, okhttp, axios, http client tools
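
A defender-side triage sketch for the activity summarized above, added here as an example and not taken from the report or from OpenCTI: it flags sign-ins whose User-Agent begins with one of the HTTP client names on this page, separating successful logins from many-account failure bursts. The event field names, addresses, accounts, version strings and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# HTTP client names taken from this page's summary and labels.
CLIENT_RE = re.compile(r"^(axios|node-fetch|go-resty|okhttp)/", re.IGNORECASE)

# Constructed sign-in events (not real telemetry). Field names are assumptions,
# not a Microsoft 365 log schema; map your own export onto them.
SAMPLE_EVENTS = [
    {"user": "cfo@example.com", "ip": "203.0.113.10", "user_agent": "axios/1.7.9", "result": "success"},
    {"user": "s1@example.edu", "ip": "198.51.100.7", "user_agent": "node-fetch/1.0", "result": "failure"},
    {"user": "s2@example.edu", "ip": "198.51.100.7", "user_agent": "node-fetch/1.0", "result": "failure"},
    {"user": "s3@example.edu", "ip": "198.51.100.7", "user_agent": "node-fetch/1.0", "result": "failure"},
    {"user": "dev@example.com", "ip": "192.0.2.5", "user_agent": "okhttp/4.9.0", "result": "failure"},
    {"user": "amy@example.com", "ip": "192.0.2.9",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "result": "success"},
]

def client_family(user_agent):
    """Return the lowercase client name if the UA starts with a listed client."""
    match = CLIENT_RE.match(user_agent.strip())
    return match.group(1).lower() if match else None

def triage(events, spray_threshold=3):
    """Group scripted-client sign-ins by (client, source IP) and emit findings.

    A success is reported per account, since a scripted client completing a
    login is worth reviewing. Failures are reported only when one source hits
    at least `spray_threshold` distinct accounts (brute-force pattern).
    """
    stats = defaultdict(lambda: {"ok": set(), "failed": set()})
    for event in events:
        family = client_family(event["user_agent"])
        if family is None:
            continue  # browser or unlisted client: out of scope for this check
        bucket = "ok" if event["result"] == "success" else "failed"
        stats[(family, event["ip"])][bucket].add(event["user"])

    findings = []
    for (family, ip), seen in sorted(stats.items()):
        for user in sorted(seen["ok"]):
            findings.append(("successful-login", family, ip, user))
        if len(seen["failed"]) >= spray_threshold:
            findings.append(("brute-force", family, ip, len(seen["failed"])))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Legitimate integrations also send these User-Agents, so hits are leads to check against known applications rather than verdicts.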


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


HTTP Client Tools Exploitation for Account Takeover Attacks