Ongoing Astaroth Phishing Campaign Targeting Gmail, Microsoft and Third-Party Authentication Services
28 February 2025
There are reports of an ongoing Astaroth phishing campaign targeting Gmail, Microsoft, and third-party logins. Attackers are able to bypass Multi-Factor Authentication (MFA), stealing credentials in real time.
A new phishing campaign leveraging the "Astaroth" phishing kit has been observed targeting users of Gmail, Yahoo, AOL, Microsoft O365, and other third-party authentication services. The attack utilises man-in-the-middle (MiTM) techniques to steal login credentials and bypass multi-factor authentication (MFA).
Attack Vector
Threat actors deploy phishing emails that redirect victims to login pages masquerading as legitimate authentication portals. These sites intercept user credentials and MFA codes in real time as the victim keys in their details, allowing threat actors to gain full access to the compromised accounts.
Users and organisations are advised to take the following measures to ensure their cybersecurity:
Exercise Caution with Emails – Do not click on links in unsolicited emails, especially those requesting login verification. Always verify the sender's email address and ensure it matches their identity. For example, an email claiming to be from Google should come from an official Google domain.
Verify URLs Before Entering Credentials – Always verify the authenticity of a URL before signing in, even when the login page appears to be legitimate. Look for unsolicited URLs or misspellings in the address.
Use Passkeys for Authentication – Passkeys are phishing-resistant as users are not required to key in their credentials manually, thereby reducing the risk of credential theft via interception. If you have a passkey enabled for your account, opt for it as the preferred sign-in method over passwords. Where available, you may refer to your service provider for specific guidelines on setting up and managing passkeys.
Monitor Account Activity – Enable login alerts and review recent login activity regularly to check for unauthorised access.
Further guidance on how to defend yourself against MFA Bypass Attacks can be found here.
More information is available here:
https://cybersecuritynews.com/new-astaroth-2fa-phishing-kit-targeting-gmail/