A man-in-the-middle (MITM) attack allows attackers to bypass login credentials and assume direct control of an existing session. CrowdStrike, an Obsidian partner, revealed that such techniques were used during the SolarWinds intrusion in one of the biggest nation-state attacks of all time. The team uses the Evilginx2 reverse proxy tool to intercept session cookies and the EditThisCookie2 extension to quickly reuse them without reformatting. In a basic MITM scenario, the attacker develops a convincing phishing message to lure the user into clicking a malicious link.
Source: https://www.databreachtoday.com/blogs/deep-dive-into-saas-session-hijacking-p-3199

