AI Phishing Campaign Hits Microsoft Cloud
Researchers uncovered an AI-generated phishing campaign that compromised hundreds of organizations by targeting Microsoft cloud accounts with highly personalized lures — attackers are scaling credential theft with generative models. The incident highlights gaps in traditional email defenses and the need for behavioral and continuous authentication controls. (the420.in)
Huntress analysts tied the operation to an EvilTokens “Phishing as a Service” offering first advertised on February 16, 2026 on the NOIRLEGACY Telegram channel. (huntress.com) Huntress recorded the first compromises from Railway infrastructure on February 19 and February 24, 2026, with the campaign tempo accelerating sharply on March 2, 2026. (huntress.com) As of March 23, 2026, Huntress reported blocking 113 attempted compromises, in addition to roughly 350 successful token captures observed over the previous two weeks. (huntress.com)
The campaign exploited Microsoft’s device-code OAuth flow to obtain valid access tokens that can persist for up to 90 days without requiring a password or MFA, enabling token replay and AiTM-style persistence. (cyberscoop.com) Huntress documented 344 victim organizations in detail, spanning the U.S., Canada, Australia, New Zealand and Germany and covering sectors including construction, law firms, nonprofits, real estate, manufacturing, finance, healthcare and public safety. (cyberscoop.com)
EvilTokens’ product catalog advertises three tools—“B2B Sender,” “Office 365 Capture Link” and an “SMTP Sender”—and includes integrated AI workflows for tailoring lures, bypassing email filters and automating campaign scale. (huntress.com) Researchers observed attackers abusing Railway.com’s Platform-as-a-Service to spin up clean credential-harvesting infrastructure at machine speed, prompting Huntress to block authentication from Railway IPs and push a conditional-access email policy update to roughly 60,000 Microsoft tenants. (huntress.com)
Huntress reported preventing observed post-compromise activity in its customer set, while warning that the 344 identified victims likely represent only a subset of total compromises, which may extend into the low thousands. (cyberscoop.com)
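A defender-side triage check for the device-code abuse described above, added here as an example and not drawn from Huntress’s or Microsoft’s tooling: it scans sign-in records shaped like Microsoft Graph signIn objects (field names assumed from that schema, sample values constructed) and flags successful device-code sign-ins, rating those sourced from networks the tenant has chosen to block as high severity.

```python
import ipaddress
import json

# Constructed sample sign-in records in the shape of Microsoft Graph signIn
# objects; the field names are assumed from that schema, the values are made up.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.7",
  "authenticationProtocol": "deviceCode", "createdDateTime": "2026-03-02T09:14:00Z",
  "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.20",
  "authenticationProtocol": "oAuth2", "createdDateTime": "2026-03-02T09:20:00Z",
  "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.99",
  "authenticationProtocol": "deviceCode", "createdDateTime": "2026-03-02T10:01:00Z",
  "status": {"errorCode": 50126}},
 {"userPrincipalName": "dave@example.com", "ipAddress": "192.0.2.44",
  "authenticationProtocol": "deviceCode", "createdDateTime": "2026-03-02T10:30:00Z",
  "status": {"errorCode": 0}}
]""")

# Placeholder for the PaaS egress ranges a tenant has decided to block
# (the article names Railway; this CIDR is a constructed documentation range).
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def in_blocked_network(ip, networks=BLOCKED_NETWORKS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def flag_device_code_signins(signins, networks=BLOCKED_NETWORKS):
    """Return one finding per successful device-code sign-in.

    Device-code sign-ins are rare for most users, so every success deserves a
    look; one sourced from a blocked network is rated high because it matches
    the harvesting pattern described in the article."""
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue
        if s.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed attempt: no token was issued, so nothing to revoke
        severity = "high" if in_blocked_network(s["ipAddress"], networks) else "medium"
        findings.append({"user": s["userPrincipalName"], "ip": s["ipAddress"],
                         "time": s["createdDateTime"], "severity": severity})
    return findings


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS):
        print(f"{f['severity']:6} {f['time']} {f['user']} from {f['ip']}")
```

In practice the findings feed a token-revocation and session-review step for the listed users, since a captured device-code token stays valid until it is revoked or expires.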