Summary This blog is a follow-up to our recent publication which described the details of a large-scale phishing campaign targeting enterprise users of Microsoft email services. Beginning in mid-July 2022, ThreatLabz started observing instances of adversary-in-the-middle (AiTM) phishing attacks targeted towards enterprise users of Gmail. Upon further analysis of the attack chain, we identified multiple similarities between this campaign and the previous AiTM phishing campaign targeting users of Microsoft email services. G Suite is the business version of Gmail, and is widely used in enterprises. This campaign specifically targeted chief executives and other senior members of various organizations which use G Suite. As we have already covered the technical details of AiTM techniques in our previous blog, we won't describe them again here. However, it is important to note that AiTM phishing kits can be used to target various websites and bypass multi-factor authentication. By using