Analysis

A new, sophisticated phishing-as-a-service (PhaaS) platform named VoidProxy is enabling multiple threat actors to execute real-time, attacker-in-the-middle (AiTM) attacks against Microsoft (MSFT) and Google (GOOGL) accounts. According to research from Okta (OKTA), this service facilitates the theft of credentials, multi-factor authentication codes, and session tokens, resulting in high-confidence account takeovers across various industries and geographies. The platform's scalability and its advertisement on the dark web since August 2024 signal a persistent and evolving threat vector for enterprise security. While the news negatively impacts Microsoft and Google by exposing vulnerabilities in their ecosystems, it positively positions Okta as a key player in threat intelligence, as its team uncovered the operation and is actively alerting customers. The use of Cloudflare (NET) to mask attacker infrastructure highlights a persistent operational risk for internet infrastructure providers. The incident underscores the inadequacy of basic MFA and elevates the strategic importance of phishing-resistant authenticators, such as FIDO2 WebAuthn and passkeys, which both Okta and Google recommend.