AiTM attack: how hackers bypass MFA — and what cyber risk gaps to check first

Think MFA means your business is fully protected? AiTM attacks are proving otherwise.

An AiTM attack, short for adversary-in-the-middle attack, is a type of phishing attack where a cybercriminal places themselves between your employee and a legitimate login page. The employee may think they are signing into Microsoft 365, Google Workspace, or another trusted system, but the attacker is quietly intercepting the login session.

That means the attacker may capture more than a password. In many AiTM phishing attacks, they can also capture the authenticated session token after MFA is completed, which may allow them to access the account without needing to repeat the MFA process. Microsoft has described recent AiTM phishing campaigns that proxy authentication sessions and capture authentication tokens for account access.

The real question is not only “Could an AiTM attack happen to us?”
The better question is “If an AiTM attack targeted our business, which security gaps would make the damage worse?”

That is where Winsor Consulting’s Cyber Risk Gap Assessment helps. In about 6 minutes, you can identify your biggest cybersecurity gaps across key areas like identity, email security, endpoint protection, employee risk, vendor risk, backups, and incident response.

12-minute read · Threat awareness guide · Updated June 2026

Section 1 · The basics

What is an AiTM attack?

AiTM stands for adversary-in-the-middle. An AiTM attack is a phishing technique in which an attacker positions a malicious proxy between a user and a legitimate website or application.

Instead of simply stealing a username and password, an AiTM attack can intercept the authentication process in real time. The employee may see what looks like a normal login page. They may enter their password. They may complete MFA. But behind the scenes, the attacker is relaying that login to the real service and capturing the session data.

This is why AiTM attacks are especially dangerous for businesses that rely on traditional MFA but have not reviewed the surrounding security controls. Huntress describes AiTM attacks as using proxy servers to intercept real-time authentication, capture credentials and session data, and bypass MFA in some scenarios.

In plain English

An AiTM attack tricks an employee into logging in through the attacker’s system, then steals the authenticated session.

That can lead to:

  • Microsoft 365 account compromise
  • Business email compromise
  • Internal phishing from a trusted employee account
  • Wire fraud attempts
  • Data exposure
  • Inbox rule manipulation
  • Unauthorized file access
  • Vendor or client impersonation

This is not just an IT problem. It is a business risk problem.

Section 2 · The mechanics

How does an AiTM attack work?

Most AiTM attacks follow a simple but dangerous pattern.

1. The employee receives a convincing message

The attack usually starts with a phishing email, fake document share, Teams message, QR code, or other trusted-looking request. The message may appear to come from Microsoft, a vendor, a coworker, a client, or a file-sharing platform. The message creates urgency:

“Review this document.” “Your password is expiring.” “A secure message is waiting.” “Approve this policy update.” “View the shared file.” “Confirm your account.”

The goal is to get the user to click.

2. The link sends the employee to a fake login page

The user lands on what appears to be a normal Microsoft 365, Google, or cloud application login page. But the page is not simply a static fake. In an AiTM attack, the attacker may use a proxy that sits between the user and the real login service.

The user thinks they are logging into the legitimate system. The attacker is watching and relaying the interaction in real time.

3. The employee enters credentials and completes MFA

The employee enters their username and password. If MFA is required, the employee may also complete an MFA prompt.

This is where many businesses get a false sense of security. They assume that because MFA is turned on, the login is protected. But in some AiTM scenarios, the attacker is not just stealing the password. The attacker is intercepting the authenticated session.

4. The attacker captures the session token

After authentication is complete, the legitimate service issues a session token. That token tells the application, “This user has already logged in.”

If the attacker captures that token, they may be able to access the account without knowing the password or completing MFA again. Microsoft reported that AiTM phishing kits such as Tycoon2FA enabled attackers to bypass MFA and conduct account compromise at scale.

5. The attacker uses the account

Once inside the account, the attacker may:

  • Read email
  • Search for invoices or payment conversations
  • Create hidden inbox rules
  • Send phishing emails from the compromised account
  • Impersonate an executive
  • Access SharePoint or OneDrive files
  • Attempt wire fraud
  • Expand into other accounts
  • Target clients or vendors

The damage often happens after the login, not during the login. That is why AiTM prevention requires more than telling employees to “watch for phishing emails.”

Section 3 · The stakes

Why should business owners and executives care about AiTM attacks?

AiTM attacks matter because they expose a dangerous assumption: “We have MFA, so we are protected.”

MFA is still important. Every business should use it. But traditional MFA by itself may not be enough against modern phishing techniques that target authentication sessions instead of only passwords.

For business leaders, the risk is not the technical method alone. The risk is what a compromised account allows an attacker to do. A single compromised Microsoft 365 account can create business consequences such as:

  • Fraudulent invoice requests
  • Payroll redirection scams
  • Client data exposure
  • Confidential file access
  • Reputational damage
  • Regulatory or insurance complications
  • Loss of trust with customers and vendors
  • Disruption to operations
  • Emergency IT and forensic costs

Not just

“Do we have MFA?”

But also

“Do we know where our cyber risk gaps are?”

Questions worth asking:

  • Are we using phishing-resistant MFA where needed?
  • Are conditional access policies configured properly?
  • Are suspicious sign-ins being reviewed?
  • Can we revoke active sessions quickly?
  • Do employees know how these attacks look?
  • Are inbox rules and forwarding changes monitored?
  • Do we have an incident response process?
  • Are executives and finance users protected differently?
  • Are third-party and vendor accounts reviewed?
  • Are backups and business continuity plans tested?

AiTM attacks are often a symptom of a bigger security maturity problem.

Section 4 · Know the difference

AiTM attack vs traditional phishing vs man-in-the-middle attack

Many people confuse AiTM attacks with traditional phishing or older man-in-the-middle attacks. They are related, but they are not identical.

Attack type           | What happens                                                                  | Main risk
----------------------|-------------------------------------------------------------------------------|-----------------------------------------------------
Traditional phishing  | A user enters credentials into a fake page                                    | Password theft
Man-in-the-middle     | An attacker intercepts communication between two parties                      | Data interception or manipulation
AiTM attack           | An attacker proxies the login session between the user and the real service   | Credential theft, MFA bypass, and session token theft

The important difference is that AiTM attacks can happen even when the user believes they are interacting with a legitimate login process. That is what makes them so dangerous.

A traditional phishing attack often stops at stealing the password. An AiTM attack may go further by stealing the authenticated session.

Section 5 · MFA bypass

Can AiTM attacks bypass MFA?

Yes, some AiTM attacks can bypass traditional MFA by capturing session tokens after the user successfully authenticates.

That does not mean MFA is useless. MFA remains one of the most important baseline security controls. But not all MFA is equally resistant to phishing. Traditional MFA methods may include:

  • SMS codes
  • Email codes
  • Push notifications
  • One-time passwords
  • Authenticator app approvals

These methods can reduce many risks, but they may still be vulnerable to social engineering, token theft, push fatigue, or proxy-based phishing.

Phishing-resistant MFA is designed to reduce this risk. CISA has emphasized that phishing-resistant MFA is intended to prevent MFA bypass attacks and includes options such as smart cards and FIDO security keys.
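As an added illustration, not code from the original article or from any vendor, the following shows why a relayed one-time code is accepted by the real service while a relayed FIDO/WebAuthn assertion is not: the browser writes the origin it is actually connected to into the signed client data, so an assertion produced on a lookalike domain fails the relying party's origin check. The origins, challenge and credential secret are constructed, and the signature is simplified to an HMAC over the same bytes a real authenticator signs.

```python
"""Why a relayed one-time code passes but a relayed FIDO assertion fails.

Illustration added here; not code from the original article or any vendor.
Signatures are modelled with HMAC over the bytes a real authenticator signs
(authenticatorData || SHA-256(clientDataJSON)); real WebAuthn uses a
per-credential key pair, but the origin check that defeats the proxy is the same.
"""
import hashlib
import hmac
import json

REAL_ORIGIN = "https://login.example.com"        # constructed legitimate service
PROXY_ORIGIN = "https://login-example.com.test"  # constructed lookalike proxy
CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"            # constructed, issued by the real service
SECRET = b"constructed-credential-secret-32b"    # stand-in for the registered key


def verify_otp(expected_code: str, submitted_code: str) -> bool:
    # A one-time code says nothing about where the user typed it, so a code
    # captured on a proxy page and forwarded to the real service is accepted.
    return hmac.compare_digest(expected_code, submitted_code)


def authenticator_sign(challenge: str, browser_origin: str) -> dict:
    """What the security key returns. The browser, not the user, fills in the
    origin it is actually connected to, and the key signs over a hash of it."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": browser_origin}, sort_keys=True).encode()
    auth_data = b"\x00" * 37  # rpIdHash, flags, counter: constant stand-in
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data,
            "signature": hmac.new(SECRET, to_sign, hashlib.sha256).digest()}


def rp_verify(challenge: str, assertion: dict) -> bool:
    """Relying-party checks: type, challenge, origin, then the signature."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False
    if cd.get("origin") != REAL_ORIGIN:  # the check a proxy on another domain cannot pass
        return False
    to_sign = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(SECRET, to_sign, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


def relayed_otp_accepted() -> bool:
    code = "493821"  # constructed; the proxy forwards it unchanged
    return verify_otp(code, code)


def relayed_fido_accepted() -> bool:
    # The victim's browser is talking to the proxy, so the assertion records the
    # proxy's origin. (A real browser would also refuse to use a credential whose
    # RP ID does not match the proxy's domain, so it usually never gets this far.)
    assertion = authenticator_sign(CHALLENGE, PROXY_ORIGIN)
    return rp_verify(CHALLENGE, assertion)


def direct_fido_accepted() -> bool:
    return rp_verify(CHALLENGE, authenticator_sign(CHALLENGE, REAL_ORIGIN))
```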

The practical question is not

“Do we have MFA?”

The better question is

“Is our MFA strong enough for the accounts, systems, and business risks we need to protect?”

That answer depends on your users, your systems, your industry, your data, your compliance obligations, and your current security configuration.

Not sure if your MFA setup holds up?

Assess your MFA and identity security gaps — along with seven other risk areas — in about 6 minutes.


Section 6 · Where businesses are exposed

Common cyber risk gaps AiTM attacks expose

AiTM attacks rarely succeed because of one single missing tool. They usually expose a stack of small gaps across people, process, and technology. Here are the most common areas to review.

1. Identity & access gaps

Many businesses have MFA turned on but have not fully reviewed how identity is managed.

  • MFA is not enforced for every user
  • Admin accounts are not protected differently
  • Legacy authentication is still allowed
  • Conditional access policies are weak or missing
  • Risk-based sign-in policies are not configured
  • Sessions are not limited or reviewed
  • Users can add their own MFA methods without oversight
  • Former employees or stale accounts still exist

AiTM attacks target identity. If identity controls are weak, the attack has more room to spread.

2. Email security gaps

AiTM attacks often begin with email or messaging.

  • Weak phishing protection
  • Poor impersonation detection
  • No DMARC, DKIM, or SPF review
  • Employees receive too many unfiltered malicious messages
  • External sender warnings are missing or ignored
  • Suspicious links are not rewritten, scanned, or blocked
  • Mailbox forwarding and inbox rules are not monitored

Email is still one of the easiest ways into a business. AiTM attacks make that entry point more dangerous.

3. Microsoft 365 & cloud security gaps

For many businesses, Microsoft 365 is the center of communication, files, identity, and collaboration.

  • Sign-in logs are not reviewed
  • Risky users are not investigated
  • Impossible travel alerts are ignored
  • SharePoint and OneDrive permissions are too broad
  • Guest access is not governed
  • Security defaults or conditional access are misconfigured
  • Admin roles are too widely assigned
  • Audit logs are not enabled or retained long enough

If a compromised account can access email, files, Teams, SharePoint, and vendor conversations, one login can become a larger business event.

4. Employee behavior gaps

Employees are often trained on obvious phishing emails. AiTM attacks may look more convincing.

  • Training is too generic
  • Employees are not shown realistic login phishing examples
  • Users do not know how to report suspicious messages
  • Finance and executive staff do not receive extra training
  • Employees approve MFA prompts without thinking
  • Users rely on “the page looks real” as their main test

The issue is not that employees are careless. Modern phishing is designed to defeat normal human trust patterns.

5. Monitoring & detection gaps

Many businesses cannot quickly answer basic questions after a suspicious login:

  • Who logged in? From where? On what device?
  • Was MFA completed? Was a token issued?
  • Was email accessed? Were inbox rules created?
  • Were files downloaded?
  • Were messages sent externally?
  • Were additional accounts targeted?

If you cannot detect suspicious account behavior, you may not know an AiTM attack succeeded until fraud or data exposure has already happened.

6. Incident response gaps

AiTM attacks require fast containment.

  • No written incident response process
  • No clear owner for security incidents
  • No process to revoke sessions
  • No process to reset MFA methods
  • No mailbox investigation checklist
  • No communication plan for clients or vendors
  • No cyber insurance notification procedure
  • No post-incident review process

When an attacker has an active session, speed matters.

7. Backup & business continuity gaps

AiTM attacks may begin with account compromise, but they can create broader disruption.

  • Backups are not regularly tested
  • Microsoft 365 data backup is misunderstood
  • Critical data locations are unknown
  • Recovery time expectations are unclear
  • Business continuity plans are outdated
  • Leadership does not know what happens after a major incident

Not every AiTM attack becomes a ransomware incident, but account compromise can still disrupt operations and expose data.

8. Vendor & third-party risk gaps

Attackers often use compromised accounts to target vendors, customers, or partners.

  • Vendor access is not reviewed
  • Shared accounts are used
  • External guest users are not audited
  • Vendor payment changes are not independently verified
  • Clients and vendors are not warned quickly after compromise
  • No process exists for confirming unusual financial requests

AiTM attacks can turn your business into the trusted sender that attacks someone else.

Which of these gaps apply to your business?

Stop guessing. The 6-minute assessment covers every risk area above and shows you where to start.


Section 7 · What to watch for

Warning signs of an AiTM attack or account compromise

AiTM attacks can be hard to spot in the moment, but there are warning signs businesses should take seriously. Watch for:

  • Unexpected MFA prompts
  • Logins from unusual locations
  • Impossible travel alerts
  • Sign-ins from unfamiliar devices
  • New inbox rules
  • Email forwarding changes
  • Sent messages the user did not send
  • Deleted security notifications
  • Unusual SharePoint or OneDrive activity
  • Password reset attempts
  • New MFA methods added to an account
  • Vendor or client complaints about suspicious emails
  • Finance conversations suddenly changing tone or payment instructions

Take it seriously

A user saying “something felt off when I logged in” should be treated seriously.
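Several of the warning signs above (a sign-in from an unusual location, an impossible-travel pattern, and a new inbox rule soon after) can be correlated automatically. The following is an added example, not code from the original article; the log format is constructed for illustration (one record per event with the fields shown), and it flags a session id presented from two countries within an hour and then any mailbox rule or forwarding change by that user in the following day.

```python
"""Correlate sign-in and mailbox-audit events for the warning signs above.
Added example, not from the original article; the log format is constructed
(one dict per event with the fields in SAMPLE_EVENTS), real exports are richer."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a.lee completes MFA from the office, the same session is then
# presented from another country, and a hiding rule appears minutes later. b.ortiz
# is a benign control: a rule created from the same device as the login.
SAMPLE_EVENTS = [
    {"time": "2026-06-02T08:01:10", "user": "a.lee@example.com", "type": "SignIn",
     "session": "sess-7f3a", "ip": "203.0.113.10", "country": "US"},
    {"time": "2026-06-02T08:09:42", "user": "a.lee@example.com", "type": "SignIn",
     "session": "sess-7f3a", "ip": "198.51.100.77", "country": "NL"},
    {"time": "2026-06-02T08:12:05", "user": "a.lee@example.com", "type": "New-InboxRule",
     "ip": "198.51.100.77", "detail": "from:finance -> RSS Feeds, mark as read"},
    {"time": "2026-06-02T09:30:00", "user": "b.ortiz@example.com", "type": "SignIn",
     "session": "sess-11c0", "ip": "203.0.113.20", "country": "US"},
    {"time": "2026-06-02T09:45:00", "user": "b.ortiz@example.com", "type": "New-InboxRule",
     "ip": "203.0.113.20", "detail": "from:newsletter -> Archive"},
]

REPLAY_WINDOW = timedelta(hours=1)       # one session id seen from two countries
POST_LOGIN_WINDOW = timedelta(hours=24)  # mailbox changes after a flagged login


def parse(events):
    return sorted(({**e, "time": datetime.fromisoformat(e["time"])} for e in events),
                  key=lambda e: e["time"])


def find_session_replay(events):
    """Same session id from two countries inside REPLAY_WINDOW: the token
    issued after MFA is being presented by someone other than the user."""
    by_session = defaultdict(list)
    for e in events:
        if e["type"] == "SignIn":
            by_session[e["session"]].append(e)
    flagged = []
    for sess, group in by_session.items():
        for a, b in zip(group, group[1:]):
            if a["country"] != b["country"] and b["time"] - a["time"] <= REPLAY_WINDOW:
                flagged.append((a["user"], sess, a["country"], b["country"]))
    return flagged


def find_mailbox_changes(events, flagged_users):
    """Inbox rules or forwarding set within POST_LOGIN_WINDOW of the first
    sign-in of a user whose session was replayed."""
    first_login = {}
    for e in events:  # events are time-sorted, so the first match is the earliest
        if e["type"] == "SignIn" and e["user"] in flagged_users:
            first_login.setdefault(e["user"], e["time"])
    hits = []
    for e in events:
        if e["type"] in ("New-InboxRule", "Set-Mailbox") and e["user"] in first_login:
            if timedelta(0) <= e["time"] - first_login[e["user"]] <= POST_LOGIN_WINDOW:
                hits.append((e["user"], e["type"], e["detail"]))
    return hits


def triage(raw_events):
    events = parse(raw_events)
    replays = find_session_replay(events)
    return {"session_replay": replays,
            "mailbox_changes": find_mailbox_changes(events, {r[0] for r in replays})}
```

Any user returned under session_replay is a candidate for the response steps in Section 8, starting with session revocation.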

Section 8 · Respond fast

What should you do if you suspect an AiTM attack?

If you believe an employee account may have been compromised through an AiTM attack, act quickly. A practical response may include:

  1. Revoke active sessions for the affected user.
  2. Reset the user’s password.
  3. Review and reset MFA methods.
  4. Check sign-in logs.
  5. Review mailbox rules and forwarding.
  6. Check sent and deleted items.
  7. Review file access in SharePoint, OneDrive, or other cloud systems.
  8. Confirm whether any financial or vendor conversations were accessed.
  9. Notify internal leadership if business email compromise is possible.
  10. Contact your IT or cybersecurity provider for deeper investigation.

Do not assume that changing the password alone fixes the problem. If the attacker has an active session token, the account may remain exposed until sessions are revoked and access is fully reviewed.

This is also a good moment to evaluate whether your business has the right preventive and detective controls in place.

Better to know before it happens

Take the 6-minute cyber risk assessment and find out where your defenses and response plans stand today.


Section 9 · The plan

How to reduce your risk from AiTM attacks

No single control eliminates AiTM risk. The goal is to reduce the likelihood of compromise and limit the damage if an account is targeted. Key controls to review include:

Strengthen identity security

  • Enforce MFA for all users
  • Use phishing-resistant MFA for high-risk accounts
  • Disable legacy authentication
  • Apply conditional access policies
  • Require compliant or trusted devices where appropriate
  • Limit admin privileges
  • Review stale accounts
  • Monitor risky sign-ins

Improve email protection

  • Strengthen anti-phishing policies
  • Review impersonation protection
  • Configure and monitor SPF, DKIM, and DMARC
  • Use safe links or link protection where appropriate
  • Block known malicious domains
  • Monitor forwarding rules and suspicious mailbox changes

Train employees with realistic examples

  • Show employees what fake login pages look like
  • Teach users not to trust a page only because it looks familiar
  • Train staff to report suspicious MFA prompts
  • Give finance and executives extra training
  • Reinforce verification steps for payment or credential requests

Improve monitoring and response

  • Review sign-in logs and risky users
  • Monitor mailbox rule changes
  • Create an account compromise checklist
  • Document who does what during an incident
  • Test session revocation procedures
  • Review cyber insurance reporting requirements
  • Run tabletop exercises for business email compromise scenarios

Review your business risk gaps

The strongest security programs do not rely on a single tool. They identify where the business is most exposed and prioritize fixes based on actual risk.

That is exactly what a cyber risk gap assessment is designed to help you do.

Section 10 · The takeaway

AiTM attacks raise a bigger question than “do we have MFA?”

Many companies have security tools in place but still do not know where they are most exposed.

  • They may have MFA but weak conditional access.
  • They may have email filtering but no mailbox rule monitoring.
  • They may have backups but no tested recovery process.
  • They may have employee training but no incident response plan.
  • They may have an IT provider but no clear cybersecurity roadmap.

AiTM attacks are a useful wake-up call because they reveal the difference between having security tools and having a mature, layered security posture.

The question is not

“Are we doing anything for cybersecurity?”

The better question is

“Where are the gaps that could create the most business risk?”

Cyber Risk Gap Assessment

Find your biggest cyber risk gaps before an attacker does

AiTM attacks can expose weaknesses across identity, email, employee behavior, monitoring, vendor access, backups, and incident response. You do not need to guess where your biggest gaps are.

Winsor Consulting’s Cyber Risk Gap Assessment gives you a clear, practical view of where your business may be most exposed. In about 6 minutes, you will answer questions across key risk areas and receive:

  • Your cyber risk score
  • Your top gap areas
  • A practical starting point for improving security
  • A clearer view of what to prioritize next

This is not a scare tactic. It is a clarity tool.

Find out which gaps could leave your business exposed to threats like AiTM phishing, account compromise, business email compromise, and data loss.

FAQ

Frequently asked questions about AiTM attacks

What does AiTM stand for?

AiTM stands for adversary-in-the-middle. It refers to an attack where a cybercriminal positions themselves between a user and a legitimate service, often by using a proxy-based phishing page.

What is an AiTM attack?

An AiTM attack is a phishing attack that intercepts a login session between a user and a real application. The attacker may capture credentials, MFA responses, and session tokens that allow account access.

Is AiTM the same as man-in-the-middle?

AiTM is related to man-in-the-middle attacks, but it is commonly used to describe modern phishing attacks that target authentication flows. In cybersecurity marketing and vendor research, AiTM often refers to attacks that proxy a login session to capture session tokens.

Can AiTM attacks bypass MFA?

Some AiTM attacks can bypass traditional MFA by capturing the authenticated session token after a user completes MFA. This is why phishing-resistant MFA and layered security controls are important.

Does MFA still matter?

Yes. MFA is still a critical security control. The lesson from AiTM attacks is not that MFA is useless. The lesson is that traditional MFA should be supported by stronger identity controls, monitoring, employee training, and response procedures.

What is session token theft?

Session token theft happens when an attacker captures the token that proves a user has already authenticated. If the attacker can use that token, they may access the account without needing the password or MFA prompt again.

How do you prevent AiTM phishing?

Reducing AiTM risk usually requires layered controls, including phishing-resistant MFA, conditional access, strong email protection, user training, session monitoring, mailbox rule monitoring, and documented incident response.

Who is most at risk from AiTM attacks?

Any organization using cloud email, Microsoft 365, Google Workspace, remote access tools, or web-based business applications can be targeted. Executives, finance users, HR staff, administrators, and employees with access to sensitive files or payment workflows may be especially attractive targets.

What should we do if we think an account was compromised?

Revoke active sessions, reset credentials, review MFA methods, check mailbox rules, review sign-in logs, inspect sent and deleted items, and contact your IT or cybersecurity provider. If payments, sensitive data, or client communications may be involved, escalate quickly.

How can Winsor Consulting help?

Winsor Consulting helps businesses identify and prioritize cybersecurity gaps. The Cyber Risk Gap Assessment is a practical first step for understanding where your organization may be exposed and what to address first.
