Cisco Talos identified 'ARToken', a sophisticated phishing-as-a-service platform linked to EvilTokens.
The platform allows attackers to bypass MFA and gain full access to Microsoft 365 accounts.
The phishing campaign uses targeted lures, such as fake invoices, to compromise organizations.
This article is generated by cross-referencing multiple sources and official announcements. Parts relying solely on testimony or reporting are reflected in the confidence score; content and assessment are updated as new information is confirmed.