Threat Intelligence Report

DNS Uncovers Infrastructure Used in SSO Attacks

📅 December 2, 2025 📰 blogs.infoblox.com 🔍 0 CVE(s) referenced

A sophisticated threat actor has used the Evilginx adversary-in-the-middle phishing framework to bypass multi-factor authentication and compromise student SSO portals at at least 18 U.S. universities, evading traditional security measures but leaving detectable DNS fingerprints that enable ongoing tracking and protection.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle