VYPR
researchPublished Jul 14, 2026· 1 source

New Phishing Kits 'Jalisco' and 'OmegaLord' Evade Microsoft 365 MFA

Two new sophisticated phishing kits, Jalisco and OmegaLord, are actively targeting Microsoft 365 accounts by employing advanced techniques to bypass multi-factor authentication, researchers report.

Security researchers have identified two new phishing kits, dubbed Jalisco and OmegaLord, that are specifically engineered to compromise Microsoft 365 accounts by circumventing multi-factor authentication (MFA) protections. These kits represent a significant advancement in phishing tactics, moving beyond simple credential harvesting to more complex methods that can trick even security-conscious users.

The primary mechanism employed by both Jalisco and OmegaLord involves session hijacking and token theft. Instead of merely stealing usernames and passwords, these kits aim to capture active session tokens or leverage techniques that allow them to impersonate legitimate user sessions. This often involves adversary-in-the-middle (AiTM) attacks, where the phishing page acts as a proxy between the victim and the legitimate Microsoft 365 login portal. When a user attempts to log in, their credentials and MFA codes are intercepted, and the attacker can then use these to establish a valid, authenticated session.

This approach is particularly effective against MFA because the attacker is not simply replaying stolen credentials. Instead, they are using the stolen session information or MFA code in real-time to authenticate as the user. Once authenticated, the attacker can potentially gain access to sensitive data, send fraudulent communications, or pivot to other systems within the compromised organization. The sophistication of these kits suggests a well-resourced threat actor or a commercial operation selling these tools on the dark web.

While the exact technical details of Jalisco and OmegaLord may differ, the overarching goal remains the same: to achieve persistent access to Microsoft 365 environments. This could involve stealing specific data, deploying ransomware, or using the compromised account for further espionage or fraud. The discovery highlights the ongoing cat-and-mouse game between security vendors and threat actors, with attackers constantly evolving their methods to stay ahead of defenses.

Microsoft 365 is a prime target due to its widespread adoption in businesses of all sizes, making it a lucrative platform for cybercriminals. The integration of cloud services, email, and collaboration tools within a single ecosystem means that a successful account compromise can have far-reaching consequences for an organization's operations and data security.

Users and organizations are urged to remain vigilant and implement robust security practices. This includes educating users about the latest phishing techniques, enabling conditional access policies, regularly reviewing sign-in logs for suspicious activity, and ensuring that MFA methods are as secure as possible. Prompt patching and security updates for all software, including browsers and endpoint security solutions, are also crucial.

The emergence of Jalisco and OmegaLord underscores the need for continuous adaptation in cybersecurity defenses. As attackers refine their tools and techniques, organizations must invest in advanced threat detection and response capabilities, alongside comprehensive user awareness training, to mitigate the growing risk posed by sophisticated phishing operations.

Synthesized by Vypr AI