New Wave of AI-Powered Phishing Campaigns Increases Sophistication and Scale

AI-Powered Phishing Hits New Levels of Sophistication, Bypassing MFA

Severity: HIGH
Published: May 21, 2026
Updated: June 16, 2026
Categories: Phishing, Threat Actor, Malware

Related Entities (initial)

Threat Actors: TA4903

Products & Tech: EvilTokens, Tycoon

Full Report (when first published)

Executive Summary

The phishing threat has evolved significantly in 2026, driven by the widespread availability of Generative AI. A May 20, 2026 security alert details how threat actors are leveraging AI to create highly convincing and personalized phishing emails at an unprecedented scale. These attacks are grammatically flawless and contextually aware, often scraping public data from sources like LinkedIn to craft believable lures. This new level of sophistication is combined with advanced technical methods to bypass modern defenses. The threat actor TA4903 is using a technique called 'device code phishing' to defeat Multi-Factor Authentication (MFA), while Phishing-as-a-Service (PhaaS) platforms like EvilTokens and Tycoon are making these advanced capabilities available to a broad criminal audience. This combination represents a formidable challenge to traditional email security and user awareness training.

Threat Overview

The new phishing paradigm has two main components: AI-powered social engineering and MFA-bypass techniques.

  • AI-Driven Social Engineering: Attackers use generative AI to automate the creation of spear-phishing emails. The AI can be prompted to impersonate a specific person or organization (e.g., the UK's HMRC or NHS) and write a contextually relevant message. It can also be fed public data about a target to personalize the email, referencing their job title, colleagues, or recent projects, making the lure highly effective.

  • Device Code Phishing: This is an advanced technique designed to bypass MFA. Instead of trying to steal a password and an MFA code separately, the attacker tricks the user into authorizing a malicious application on their account through the Microsoft Device Code authentication flow. The user is presented with a code and told to enter it at a legitimate Microsoft URL (microsoft.com/devicecode). If they do, they grant the attacker's application persistent access to their account, with a refresh token that bypasses the need for MFA on subsequent logins.

Technical Analysis

The attack chain for a device code phishing attack is as follows:

  1. Initial Lure: The user receives a phishing email, often from an AI-generated source, that directs them to a malicious link. The email might claim they have a new document to view or an urgent task to complete.
  2. Redirection: The link takes them to an attacker-controlled page that initiates the device authentication flow and presents the user with a short code (e.g., G5J3F9K7).
  3. User Action: The page instructs the user to open a new tab, navigate to the legitimate microsoft.com/devicecode URL, and enter the code.
  4. Authorization: The user, now on a legitimate Microsoft site, enters the code and is prompted to authorize the application. The application name might be disguised as something innocuous like 'Email' or 'Document Viewer'.
  5. Token Granted: Upon authorization, Microsoft's identity platform grants the attacker's application a refresh token and an access token. The attacker now has persistent access to the user's account (e.g., their email, files) without needing their password or MFA device ever again.

This entire process is facilitated by PhaaS kits like Tycoon, which provide the templates, infrastructure, and tutorials to carry out these attacks. This is a clear example of the T1566.002 - Spearphishing Link and T1556.006 - Multi-Factor Authentication bypass techniques in action.

Impact Assessment

The impact of these advanced phishing campaigns is severe. A successful attack results in a full account takeover, even on MFA-protected accounts. This gives the attacker access to all data the user can access, including sensitive emails, files in OneDrive/SharePoint, and contacts. The compromised account can then be used to launch further internal phishing attacks, commit financial fraud, or exfiltrate data. The use of AI to personalize attacks means that even security-savvy users are at a higher risk of being deceived. The democratization of these tools via PhaaS means that organizations can expect to see a higher volume and sophistication of phishing attempts.

Detection & Response

  • Monitor Azure AD Logs: Look for suspicious application consents. Azure AD audit logs will show when a user grants permissions to a new enterprise application. Hunt for applications with unusual names, publishers, or permissions. This is a form of D3FEND's Domain Account Monitoring (D3-DAM).
  • Email Gateway Analysis: While AI makes detection harder, advanced email security gateways can still look for other indicators, such as newly registered domains, abuse of URL shorteners, and the presence of keywords related to device code authentication.
  • User-Reported Phishing: A well-trained user base is still a valuable sensor. Encourage and streamline the process for users to report suspicious emails.
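A hunting script for the audit-log check above, added here as an example (it is not code from the article or its author). It runs over constructed sample events; the field names (activity, consentType, publisherVerified, authenticationProtocol) are assumptions to be mapped onto your own log export, and it also correlates consent grants with device-code sign-ins, which the bullet list does not spell out:

```python
import json

# Constructed sample events shaped like Entra ID (Azure AD) audit-log consent records
# and sign-in-log records; field names are assumptions, map them to your own export.
AUDIT_LOG = """
{"activity": "Consent to application", "user": "alice@example.test", "appDisplayName": "Document Viewer", "publisherVerified": false, "consentType": "User", "permissions": "Mail.Read offline_access"}
{"activity": "Consent to application", "user": "bob@example.test", "appDisplayName": "Contoso HR Portal", "publisherVerified": true, "consentType": "Admin", "permissions": "User.Read"}
{"activity": "Update user", "user": "bob@example.test"}
"""
SIGNIN_LOG = """
{"user": "alice@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7", "appDisplayName": "Document Viewer"}
{"user": "bob@example.test", "authenticationProtocol": "authorizationCode", "ipAddress": "198.51.100.4", "appDisplayName": "Outlook"}
"""
# Innocuous display names the article says lure apps hide behind.
GENERIC_APP_NAMES = {"email", "document viewer"}
# Scopes that keep an app reading mail/files after the page closes (offline_access yields the refresh token).
RISKY_SCOPES = {"offline_access", "mail.read", "mail.readwrite", "files.read.all"}

def parse(log):
    return [json.loads(line) for line in log.strip().splitlines() if line.strip()]

def suspicious_consents(audit_events):
    """Return (user, app, reasons) for consent grants matching the lure pattern."""
    hits = []
    for ev in audit_events:
        if ev.get("activity") != "Consent to application":
            continue
        reasons = []
        if ev.get("consentType") == "User" and not ev.get("publisherVerified"):
            reasons.append("user consent to unverified publisher")
        if ev.get("appDisplayName", "").lower() in GENERIC_APP_NAMES:
            reasons.append("generic app name")
        risky = set(ev.get("permissions", "").lower().split()) & RISKY_SCOPES
        if risky:
            reasons.append("persistent scopes: " + ", ".join(sorted(risky)))
        if reasons:
            hits.append((ev["user"], ev["appDisplayName"], reasons))
    return hits

def device_code_signins(signin_events):
    """Sign-ins completed through the device code flow, as (user, ip, app)."""
    return [(ev["user"], ev["ipAddress"], ev["appDisplayName"])
            for ev in signin_events if ev.get("authenticationProtocol") == "deviceCode"]

def correlate(audit_events, signin_events):
    """Users with both a suspicious consent and a device-code sign-in: triage these first."""
    consented = {user for user, _, _ in suspicious_consents(audit_events)}
    via_device_code = {user for user, _, _ in device_code_signins(signin_events)}
    return sorted(consented & via_device_code)
```

A user who appears in `correlate()` should have the offending app's consent revoked and sessions/refresh tokens invalidated before the account is handed back.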

Mitigation

  • Conditional Access Policies: The most effective technical control against device code phishing is to configure Microsoft Azure AD Conditional Access Policies to restrict or block application consents. You can block users from consenting to new applications entirely, or limit consent to applications from verified publishers.
  • Phishing-Resistant MFA: Move towards phishing-resistant MFA, such as FIDO2 security keys or certificate-based authentication. These methods are not susceptible to token theft or device code phishing.
  • User Awareness Training: Update user training to specifically address AI-powered phishing and MFA-bypass techniques. Teach users to be suspicious of any request that involves them authenticating outside of their normal workflow, even if it appears to be on a legitimate site.

Timeline of Events

May 21, 2026: This article was published.

Article Updates

June 16, 2026

FBI warns of new AI-powered PhaaS 'Kali365' facilitating MFA-bypassing device code phishing, providing specific hunting hints.

MITRE ATT&CK Mitigations

While some MFA can be bypassed, implementing phishing-resistant MFA like FIDO2 is the most effective mitigation.

Update user training to include the latest threats, such as AI-generated emails and MFA bypass techniques.

Configure Azure AD Conditional Access Policies to restrict or block user consent to new applications.

D3FEND Defensive Countermeasures

The rise of device code phishing and other token-stealing attacks means that not all MFA is created equal. To counter this threat, organizations must evolve their MFA strategy towards phishing-resistant methods. The gold standard is FIDO2/WebAuthn, which uses public-key cryptography and is bound to the device and origin, making it immune to phishing. Deploying FIDO2 security keys (like YubiKeys) or using platform authenticators (like Windows Hello or Apple Touch ID) for all privileged users and critical applications is the most effective technical countermeasure. For legacy systems that don't support FIDO2, use certificate-based authentication or other smart card solutions. While any MFA is better than none, the goal should be to move away from phishable factors like SMS, voice calls, and one-time password (OTP) apps wherever possible.

A critical and immediate step to block device code phishing is to harden the application consent configuration in Azure Active Directory. By default, many tenants allow users to grant consent to new applications. This is the setting that device code phishing exploits. Administrators should navigate to the Azure AD portal -> Enterprise applications -> Consent and permissions -> User consent settings, and select 'Do not allow user consent'. This will block users from authorizing any new applications. For organizations that need more flexibility, the 'Allow user consent for apps from verified publishers, for selected permissions' option can be used, combined with an admin consent workflow. This ensures that any new application, malicious or legitimate, must be reviewed and approved by an administrator before it can be granted access to organizational data, effectively shutting down the automated attack chain used by TA4903.

Article Author

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Tags: Phishing, AI, Generative AI, MFA, Device Code Phishing, TA4903, Tycoon, PhaaS