Adversary-in-the-Middle (AiTM) Attack

What is Adversary-in-the-Middle (AiTM) Attack?

An Adversary-in-the-Middle (AiTM) attack is a reverse-proxy phishing technique that intercepts the entire authentication flow between a victim and a legitimate service — including multi-factor authentication (MFA) — and steals the session token issued after successful login. Unlike traditional credential phishing that captures only a password, AiTM attacks capture the authenticated session itself, granting attackers full account access without needing to re-authenticate. Microsoft reported a 146% rise in AiTM attacks in 2024, and CrowdStrike's 2026 Global Threat Report found that 82% of detections were malware-free — adversaries are logging in rather than breaking in.

Description

In an AiTM attack, the attacker positions a malicious reverse proxy server between the victim's browser and the legitimate authentication service — such as Microsoft 365, Google Workspace, or Okta. The victim sees a real-looking login page, enters real credentials, and completes their MFA challenge normally. Every interaction is relayed through the attacker's proxy, which forwards traffic to the real service to complete authentication. The legitimate service then issues a session cookie or token — which the proxy captures before forwarding to the victim. The attacker now holds a valid session that grants the same access as the authenticated user, without any malware footprint.

This is why traditional MFA — SMS codes, authenticator apps, push notifications — does not stop AiTM: those controls protect the authentication event, not the session that follows.

Phishing-as-a-service (PhaaS) platforms like Tycoon 2FA have industrialized AiTM, enabling attackers with minimal technical skill to run large-scale campaigns against Microsoft 365 and Google environments. AiTM attacks frequently precede Business Email Compromise (BEC), where the captured session is used to read emails, intercept payment conversations, and redirect wire transfers. They are also a primary initial access vector for ransomware operators who need valid credentials for persistence and lateral movement.

Usage and Examples

In 2025, a multi-stage AiTM attack against banking and financial services organizations originated from a compromised trusted vendor account. The attacker used the initial stolen session to send phishing emails from a legitimate domain to partner organizations — making the lure highly convincing — and then repeated the AiTM chain across multiple targets. The legitimate-looking sender domain bypassed email security filters, and the AiTM proxy bypassed MFA.

Only phishing-resistant authentication methods — FIDO2 passkeys and hardware security keys — are structurally immune to AiTM, because the signed WebAuthn response is bound to the origin the browser is actually talking to: a response obtained at the proxy's domain does not validate for the real service and cannot be replayed from a proxy.

Detection strategies include monitoring for session tokens used from anomalous IP addresses or geographies, implementing token lifetime limits with continuous session validation, and deploying Identity Threat Detection and Response (ITDR) to flag behavioral anomalies in authenticated sessions.
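The first two detection strategies listed above (session tokens used from an anomalous location, and token lifetime limits), shown as an added example that is not part of the original glossary entry: it runs over a few constructed sign-in events and flags a session id that is reused from a different IP or country than the one where MFA completed, or used past a maximum lifetime. The CSV field layout, event kinds and the 12-hour threshold are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    user: str
    session_id: str
    ip: str
    country: str
    kind: str  # "mfa_success" (session issued after MFA) or "token_use"


# Constructed sample telemetry (CSV: time,user,session,ip,country,kind).
# sess-1 is issued in NL and replayed minutes later from a US address, the
# trace left when a proxy-captured cookie is reused elsewhere.
# sess-2 is reused a full day after issuance, past the lifetime limit.
SAMPLE_LOG = [
    "2025-03-04T09:00:00Z,alice,sess-1,203.0.113.10,NL,mfa_success",
    "2025-03-04T09:05:00Z,alice,sess-1,203.0.113.10,NL,token_use",
    "2025-03-04T09:12:00Z,alice,sess-1,198.51.100.7,US,token_use",
    "2025-03-04T10:00:00Z,bob,sess-2,192.0.2.5,DE,mfa_success",
    "2025-03-04T10:30:00Z,bob,sess-2,192.0.2.5,DE,token_use",
    "2025-03-05T10:30:00Z,bob,sess-2,192.0.2.5,DE,token_use",
]


def parse(lines):
    """Parse CSV lines into Events, ordered by timestamp."""
    events = []
    for line in lines:
        ts, user, sid, ip, country, kind = line.strip().split(",")
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            user, sid, ip, country, kind))
    return sorted(events, key=lambda e: e.ts)


def detect(events, max_lifetime=timedelta(hours=12)):
    """Return (session_id, reason) findings. Each session is bound to the
    IP/country and time of the MFA sign-in that issued it; every later use
    is checked against that binding (threshold is an assumed value)."""
    issued = {}  # session_id -> the mfa_success Event that issued it
    findings = []
    for e in events:
        if e.kind == "mfa_success":
            issued[e.session_id] = e
            continue
        origin = issued.get(e.session_id)
        if origin is None:
            findings.append((e.session_id, "no_mfa_origin"))
        elif (e.ip, e.country) != (origin.ip, origin.country):
            findings.append((e.session_id, "location_change"))
        elif e.ts - origin.ts > max_lifetime:
            findings.append((e.session_id, "lifetime_exceeded"))
    return findings
```

In production the binding would also carry device and ASN attributes from the identity provider's sign-in logs, and a location_change on a session issued moments earlier is the signal worth routing to ITDR first.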

How Does This Relate to Penetration Testing?

AiTM techniques are used in red team engagements and advanced phishing simulation exercises to demonstrate that MFA alone does not constitute adequate identity protection against modern attacks. Red team operators use AiTM frameworks like Evilginx to capture sessions during social engineering phases, validating whether the target organization has detective controls — token anomaly detection, impossible travel alerts, device-binding policies — that would surface a stolen session before it is exploited. The findings inform MFA upgrade roadmaps: organizations still relying on push notifications or SMS codes are shown concrete evidence that these controls are bypassable, creating urgency for phishing-resistant authentication adoption. Evolve Security's Red Team engagements simulate AiTM and other advanced phishing techniques to validate whether your identity controls would stop a real attacker — or just slow them down.
