Defending against adversary-in-the-middle threats with phishing-resistant multi-factor authentication (ITSM.30.031)

This publication provides details on observed AitM phishing campaigns to highlight their prevalence and demonstrate the risk of leaving cloud accounts vulnerable. All findings in this publication are based on over 100 campaigns that the Canadian Centre for Cyber Security (Cyber Centre) detected targeting Microsoft Entra ID accounts between 2023 and early 2025. Although this is not a comprehensive overview of all AitM phishing campaigns happening globally, it offers a snapshot of how widespread these campaigns have become.

Data and Resources

Additional Info

Field	Value
Last Updated	April 17, 2026, 17:23 (UTC)
Created	April 17, 2026, 17:23 (UTC)
contact_email	opengov-gouvouvert@cse-cst.gc.ca
criticality_level	[]
geographic_scope	[]
open_canada_collection	publication
open_canada_date_published	2025-10-30 00:00:00
open_canada_keywords	{"en": ["Phishing-resistant MFA", "MitM defense", "Identity protection"], "fr": ["Défense MitM", "Protection d’identité"]}
open_canada_subject	["economics_and_industry", "education_and_training", "government_and_politics", "information_and_communications", "science_and_technology"]
sensitivity_level	unrestricted
title_fr	Défense contre les attaques de type adversaire au milieu grâce à une authentification multifacteur résistante à l’hameçonnage (ITSM.30.031)
update_frequency	as_needed