Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Summary
Researchers have disclosed a new phishing suite named Starkiller that bypasses multi-factor authentication (MFA) with an Adversary-in-the-Middle (AitM) reverse proxy. In this technique the phishing page sits between the victim and the legitimate login service, relaying the password and the MFA exchange to the real site in real time and capturing the authenticated session cookie that comes back, so the attacker ends up with a logged-in session without ever needing the second factor themselves. Advertised as a cybercrime platform by the Jinkusu threat group, Starkiller lets its users impersonate various brands or input real brand URLs to conduct phishing attacks.
IFF Assessment
New phishing kits that defeat MFA are a significant threat to users and organizations. Many defenders rely on one-time codes and push approvals as their main control against credential theft; an AitM proxy reduces those factors to values the attacker can relay, so a phished password plus a captured session is enough to take over the account, and the victim sees a login flow that looks and behaves exactly like the real one.
Defender Context
Defenders should expect phishing that bypasses MFA, such as AitM proxies, and plan for it rather than treat MFA as a complete answer to credential theft. A layered approach includes robust endpoint detection and response (EDR); security awareness training that covers proxied login pages specifically (the page is a live relay of the real site, so content, branding and even a working MFA prompt prove nothing, and the address bar is the only reliable tell); and, where possible, phishing-resistant MFA such as FIDO2/WebAuthn security keys or passkeys. Those assertions are bound to the origin the browser is actually on and to the relying party's identifier, so a proxy on another domain cannot obtain a signature the real site will accept, which is what "beyond traditional MFA" needs to mean in practice. Because a successful AitM attack yields a valid session token rather than just a password, detection should also cover post-authentication signals: a session established right after a satisfied MFA prompt and then used from a different IP address or hosting provider, and sign-ins originating from VPS or proxy infrastructure. Revoking sessions, not only resetting passwords, is part of the response.
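To make the difference between a relayable factor and an origin-bound one concrete, the following is an added example written for this note; it is not Starkiller code, not the researchers' material, and not any vendor's implementation. It models the two checks a relying party would perform: a TOTP compare, which a proxy can satisfy by forwarding the victim's code, and a WebAuthn-style assertion check over clientDataJSON and authenticatorData. The RP ID, origins, phishing hostname, OTP value and device key are all constructed, and the authenticator's ECDSA signature is stood in for by an HMAC under a toy device key; the message that gets signed (authenticatorData || SHA-256(clientDataJSON)) and the verification steps follow the WebAuthn assertion ceremony.

```python
"""Toy relying party: why an AitM proxy can relay a TOTP but not a WebAuthn assertion.

Illustrative code written for this note. Constructed values: RP_ID, ALLOWED_ORIGINS,
the phishing hostname, the OTP string and DEVICE_KEY. HMAC stands in for the
authenticator's real ECDSA signature; the signed message and the checks mirror WebAuthn.
"""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

RP_ID = "login.example.com"                 # constructed relying-party identifier
ALLOWED_ORIGINS = {"https://login.example.com"}
DEVICE_KEY = b"\x01" * 32                   # constructed toy authenticator key (stands in for a key pair)


def b64url(data: bytes) -> str:
    """WebAuthn encodes the challenge in clientDataJSON as unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def verify_totp(submitted: str, expected: str) -> bool:
    """A one-time code says nothing about where it was typed: the string the victim
    enters on the proxy page verifies identically when the proxy forwards it."""
    return hmac.compare_digest(submitted, expected)


def toy_authenticator_sign(origin: str, challenge: bytes) -> dict:
    """Simulates browser + authenticator on a page at `origin`.

    The browser, not the page, writes the origin into clientDataJSON and derives the
    RP ID from the page's real hostname (real browsers also allow a registrable-domain
    suffix, but never a domain the page does not belong to). A proxy on another host
    therefore gets a different origin and a different rpIdHash.
    """
    rp_id = urlparse(origin).hostname
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,
    }).encode()
    # authenticatorData: rpIdHash (32) || flags (1, bit 0 = user present) || signCount (4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(DEVICE_KEY, signed, hashlib.sha256).digest()   # toy stand-in for ECDSA
    return {"client_data": client_data, "auth_data": auth_data, "sig": sig}


def verify_assertion(assertion: dict, expected_challenge: bytes) -> tuple[bool, str]:
    """Relying-party verification. Returns (accepted, reason)."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch (stale or replayed)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} not allowed"
    auth_data = assertion["auth_data"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user-presence flag not set"
    signed = auth_data + hashlib.sha256(assertion["client_data"]).digest()
    expected_sig = hmac.new(DEVICE_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, assertion["sig"]):
        return False, "bad signature"
    return True, "ok"


def aitm_scenarios() -> dict:
    """Victim logs in through a proxy at a look-alike host that relays everything."""
    proxy_origin = "https://login.example-com.net"   # constructed phishing hostname
    # Factor 1: TOTP. Victim types the code on the proxy page; proxy forwards it unchanged.
    otp = "492817"                                    # constructed
    otp_relayed = verify_totp(otp, otp)
    # Factor 2: WebAuthn. Real site issues a challenge, proxy relays it, the victim's
    # browser signs it on the proxy's origin. The relayed assertion is rejected.
    challenge = secrets.token_bytes(32)
    relayed = toy_authenticator_sign(proxy_origin, challenge)
    webauthn_relayed, reason = verify_assertion(relayed, challenge)
    # Control: the same user on the genuine origin is accepted.
    legit = toy_authenticator_sign("https://login.example.com", challenge)
    webauthn_legit, _ = verify_assertion(legit, challenge)
    return {
        "otp_relayed_accepted": otp_relayed,
        "webauthn_relayed_accepted": webauthn_relayed,
        "webauthn_relayed_reason": reason,
        "webauthn_legit_accepted": webauthn_legit,
    }


if __name__ == "__main__":
    for k, v in aitm_scenarios().items():
        print(f"{k}: {v}")
```

The TOTP branch accepts the relayed code because nothing in it identifies the page it was entered on; the WebAuthn branch fails on the origin check before the signature is even examined, and would fail on rpIdHash as well. A real deployment adds a public-key signature check, a signCount monotonicity check and a per-credential lookup, but the property that stops the proxy is the one shown here: the browser binds the assertion to the origin the user is actually visiting.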