‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts

The service, likely a rebrand of a previous operation called ‘Caffeine,’ mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.