Tuesday, 02 January 2024 12:17 GMT

Infoblox Exposes How Coordinated Phishing Campaign Utilizes “Evilginx” to Target American Universities


(MENAFN- Procre8) DUBAI, UAE, 10th December, 2025: Infoblox Threat Intel has uncovered a coordinated phishing campaign targeting at least 18 U.S. universities, powered by the widely used “Evilginx” toolkit. Evilginx is an open-source, advanced phishing framework that uses “adversary-in-the-middle” (AiTM) tactics to steal login credentials and session cookies, allowing it to bypass multi-factor authentication (MFA) on campus portals.

The top five universities targeted were the University of California Santa Cruz, the University of California Santa Barbara, the University of San Diego, Virginia Commonwealth University and the University of Michigan.

Key insights identified by Infoblox include:

• Evilginx was used to hijack student accounts: The actor used Evilginx (likely v3.0), an open-source AiTM kit that proxies real login flows and steals session cookies, allowing account takeover even when MFA is enabled.
• DNS patterns reveal 70 impacted domains: Despite short-lived URLs and Cloudflare masking, the actor left identifiable DNS fingerprints, enabling Infoblox to map nearly 70 related domains and track activity from April to November 2025.
• 18 universities targeted with personalized emails: Students received dynamic TinyURL links generated via Evilginx, each impersonating university SSO portals with brand-matched subdomains and unique URLs.
• Advanced evasion tactics complicate detection: The campaign used Cloudflare proxies, short-lived URLs and reverse-proxy obfuscation to resist scanners and hide the hosting origin.
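Campus defenders can hunt for the DNS side of this pattern in their own resolver logs. The following added example is not Infoblox's tooling or part of the report; the log lines, the brand tokens, the SSO keywords and the allowlist are constructed for illustration. It flags hostnames that pair a university brand token with an SSO-style label on a registrable domain the institution does not own, which is the "brand-matched subdomain" shape described above.

```python
import re

# Constructed resolver log lines (not from the Infoblox report): timestamp, client IP, queried name.
SAMPLE_DNS_LOG = """\
2025-09-03T08:01:12Z 10.20.1.15 login.example-university.edu
2025-09-03T08:01:40Z 10.20.1.15 sso-example-university.portal-verify.com
2025-09-03T08:02:05Z 10.20.3.7  tinyurl.com
2025-09-03T08:02:09Z 10.20.3.7  shibboleth.example-university.edu
2025-09-03T08:02:31Z 10.20.3.7  example-university-login.secure-auth.net
"""
# Assumed per-institution allowlist of registrable domains that may legitimately host SSO.
LEGIT_DOMAINS = {"example-university.edu"}
# Assumed brand tokens and SSO-style labels; a real deployment fills these from its own naming.
BRAND_TOKENS = {"example-university", "exampleu"}
SSO_KEYWORDS = {"sso", "login", "shibboleth", "duo", "portal", "auth", "signin"}

def registrable_domain(name):
    # Naive eTLD+1 (last two labels); production code should consult the public suffix list.
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name.lower()

def classify(name):
    """Return a reason string if the hostname looks like a brand-matched SSO lookalike, else None."""
    lower = name.lower()
    if registrable_domain(lower) in LEGIT_DOMAINS:
        return None  # institution-owned domain: not an impersonation candidate
    has_brand = any(tok in lower for tok in BRAND_TOKENS)
    # SSO keyword must be a whole label or a hyphen-separated piece of one, not a substring.
    has_sso = any(re.search(r"(^|[.-])" + kw + r"($|[.-])", lower) for kw in SSO_KEYWORDS)
    if has_brand and has_sso:
        return "brand token + SSO keyword on non-institutional domain"
    if has_brand:
        return "brand token on non-institutional domain"
    return None

def scan_dns_log(text):
    """Parse 'ts client name' lines and return (ts, client, name, reason) for every flagged query."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed or blank lines
        ts, client, name = fields
        reason = classify(name)
        if reason:
            hits.append((ts, client, name, reason))
    return hits

if __name__ == "__main__":
    for ts, client, name, reason in scan_dns_log(SAMPLE_DNS_LOG):
        print(ts, client, name, "->", reason)
```

Flagged names are triage candidates, not verdicts: correlate the querying client with the mail gateway's TinyURL click records and with sign-in logs before treating the session as compromised.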

The investigation began when a security practitioner at a targeted institution reported suspicious login activity, prompting Infoblox to examine DNS patterns associated with the attack. That community tip enabled researchers to connect the dots across multiple higher-education environments and map a campaign that had been operating largely undetected for months.

“Universities remain a common target for malicious actors, who show little concern for the damage they cause or the value of the systems they lock down,” said Dr. Renée Burton, Vice President of Infoblox Threat Intel. “In one particularly sad case, attackers infiltrated the University of Washington and compromised the Burke Museum of Natural History’s systems. Their actions ultimately destroyed part of the museum’s digital catalog of plant and animal specimens—an invaluable record, built through years of voluntary effort, preserving knowledge of extinct and endangered species.”
