AiTM attacks by Mamba 2FA against Microsoft 365 accounts have been facilitated by proxy relays and the Socket.IO JavaScript library, which enabled one-time passcode and authentication cookie access and communications between Microsoft 365 service phishing pages and relay servers, respectively.
Article Link: https://www.scworld.com/brief/microsoft-365-accounts-targeted-by-novel-mamba-2fa-phaas-platform