Hero Graphics Right 01
Hero Graphics Right 02

EvilTokens: Big Cybercrime’s AI Platform Built to Bypass Your MFA

On-Demand Webinar

If you missed this session on May 5, you can now watch it on demand.

Hear experts from Microsoft and Huntress break down the EvilTokens campaign and learn what it reveals about the next phase of AI-enabled cybercrime. 


You’ll understand how attackers used trusted services and legitimate authentication flows to make highly tailored phishing harder to spot and easier to scale. You’ll also come away with a clearer view of why this campaign felt different and what defenders should be rethinking now.

Huntress platform

Sherrod DeGrippo

Sherrod DeGrippo is General Manager of Global Threat Intelligence and host of the Microsoft Threat Intelligence Podcast. She has been recognized as Cybersecurity Woman of the Year (2022) and Cybersecurity PR Spokesperson of the Year (2021).

Before her current role, Sherrod served as Director of Threat Intelligence Strategy at Microsoft. Her background also includes serving as Vice President of Threat Research and Detection at Proofpoint, where she led a global team focused on threat research, malware analysis, and intelligence operations. With more than two decades of cybersecurity experience, she has held senior roles at Nexum, Symantec, Secureworks, and the National Nuclear Security Administration.

Sherrod is a frequently cited expert across major media outlets and a regular speaker at global security conferences.


Huntress platform

Lindsey O'Donnell-Welch

Lindsey is Principal Technical Community Engagement Writer at Huntress. With more than a decade of experience translating complex security topics into compelling stories, Lindsey brings a sharp editorial eye and a passion for clarity to the Huntress team. Her mission? Breaking down the intricate world of cybersecurity to make it accessible for everyone. It’s one of the many reasons she loves being part of Huntress, where educating the public about threats takes center stage.

Before joining Huntress, Lindsey built her reputation in journalism, covering the intersection of technology and businesses. She’s reported for top cybersecurity publications like Threatpost and Decipher, delivering trusted coverage on everything from the SolarWinds supply chain breach to the SEC’s cybersecurity disclosure rules.

Lindsey’s go-to security advice? “Enable MFA and use a password manager—your future self will thank you.” When she’s not writing about cyber threats, you’ll likely find her on the tennis court or exploring new trails with her endlessly energetic pup.


Huntress platform

Jamie Levy

Jamie is Senior Director, Adversary Tactics at Huntress. She's a researcher, developer and board member of the Volatility Foundation. She has worked over 15 years in the digital forensics industry, conducting investigations as well as building out software solutions. Jamie is also a co-author of The Art of Memory Forensics, the first book of its kind covering various facets of how to investigate RAM artifacts.

Huntress platform
NEW REPORT

See the new phishing playbook

Go deeper on how EvilTokens used AI, trusted Microsoft 365 auth flows, and highly personalized lures to steal tokens at scale. This report breaks down how AI gave phishing an upgrade and what defenders should do next.

Huntress platform

Know Your Adversary: Counter Operations that Wreck Global Cybercrime

Cybercriminals rarely pay the price. Silk Typhoon’s Microsoft Exchange campaign was different. After years of operating in the shadows, this state-backed group scaled up its attack, leaving defenders to untangle 88,000 web shells across compromised systems.

In this episode of _declassified, John Hammond and Kyle Hanslovan go inside the counter operation that helped turn technical evidence into intelligence the FBI could use. Brett Leatherman, Assistant Director of the FBI’s Cyber Division, joins to unpack Operation Riptide and the ongoing work to disrupt the ecosystems that let cybercriminals keep moving.

In cybercrime, the victim usually pays. This time, it ended with handcuffs.