What is MFA Fatigue?
MFA Fatigue, also known as push bombing, is a social engineering technique where attackers repeatedly send MFA push notifications to a target's device until they approve the request out of exhaustion. Rising to prominence through the 2022 Uber and Cisco breaches, this attack exploits human psychology rather than cryptographic weakness. As defenses like number matching emerged, threat actors adapted with AiTM proxies and social engineering hybrids, making MFA fatigue a constantly evolving threat.

MFA Fatigue Explained
Imagine your phone buzzing repeatedly - sometimes late at night, sometimes during an important meeting - with a message asking you to approve a login you never initiated. That annoyance is the core mechanism of an MFA fatigue attack.
The attacker is not breaking into the system itself. They already have a real username and password, typically obtained through phishing, credential stuffing, or purchased from dark web marketplaces. They use these stolen credentials to initiate login attempts against a service that uses push-based MFA. Each attempt triggers a new notification on the target's phone.
The goal is straightforward: overwhelm the user with prompts until they get so annoyed, confused, or desperate for the notifications to stop that they tap "Approve" without thinking. It is a psychological attack that exploits tired, distracted, or frustrated people - and it works far more often than most security teams want to admit.
How the Attack Works Step by Step
An MFA fatigue attack follows a structured, deliberate pattern. Modern attackers often combine automated tooling with live social engineering for maximum effectiveness.
- Credential Acquisition: The attacker obtains the target's username and password through phishing, a data breach, infostealer malware, or purchasing credentials on dark web markets.
- Automated Login Attempts: Using scripts or dedicated tooling, the attacker initiates login attempts every few seconds, each triggering a new MFA push notification on the target's registered device.
- The Push Bombing: The target's phone is flooded with a relentless stream of "Approve this login?" prompts. This may continue for minutes or hours, often timed for late-night or early-morning hours when the target is most vulnerable.
- Social Engineering Layer (Optional): In more sophisticated attacks, the attacker simultaneously contacts the target via WhatsApp, SMS, or phone call, posing as IT support: "We see you're having login issues - please approve the prompt so we can fix your account."
- Approval and Access: The exhausted or socially manipulated user taps "Approve." The attacker now has authenticated access and typically moves quickly to escalate privileges, enroll their own MFA device, and establish persistence.
Real-World Attacks: Uber, Cisco, and Beyond
MFA fatigue is not theoretical. It has been the critical enabler in some of the highest-profile breaches of recent years, carried out by some of the most active threat actor groups.
Uber - Lapsus$ (September 2022)
A member of the Lapsus$ group obtained credentials belonging to an external Uber contractor, likely from dark web markets after the contractor's personal device was infected with malware. The attacker then bombarded the contractor with MFA push notifications for over an hour. When that alone did not work, the attacker contacted the contractor directly on WhatsApp, impersonating Uber IT support, and instructed them to approve the prompt. The contractor complied. Once inside, the attacker found a PowerShell script on an internal network share containing hardcoded admin credentials for Uber's privileged access management system - giving them access to Duo, OneLogin, AWS, GSuite, and more.
Cisco - Yanluowang (August 2022)
The Yanluowang ransomware group compromised a Cisco employee by first hijacking their personal Google account, which had corporate credentials synced from the browser. They then used MFA fatigue - repeatedly triggering push notifications - combined with voice phishing (vishing) calls posing as trusted organizations. After gaining MFA approval, the attackers enrolled new devices for MFA under their control, then moved laterally to Citrix servers and domain controllers within Cisco's corporate network.
Scattered Spider / 0ktapus (2022-2023)
The Scattered Spider group (also tracked as 0ktapus, Scatter Swine, and UNC3944) ran a massive campaign targeting over 130 technology companies. Their playbook combined SMS phishing with MFA fatigue and live phone calls - they even called employees' family members to learn about internal authentication workflows. This group later escalated to targeting MGM Resorts and Caesars Entertainment, demonstrating how MFA fatigue techniques feed into larger, more destructive attack chains.
Why It Works: The Psychology Behind the Attack
The effectiveness of push bombing rests on well-understood aspects of human psychology that no amount of security training fully eliminates.
Habituation and Complacency
Users are conditioned to approve routine notifications. Over time, the MFA prompt becomes background noise - a minor step in a workflow rather than a deliberate security decision. When a flood of prompts arrives, the instinct is to treat it as a technical glitch rather than a security incident.
Cognitive Load and Decision Fatigue
When faced with repetitive stimuli under stress, the brain seeks the quickest resolution. The mental effort of repeatedly opening the app, checking context, and hitting "Deny" - or worse, calling the help desk - feels harder than just tapping "Approve" once. This is especially true when the attack is timed for 2 AM.
The Social Engineering Multiplier
When push bombing is combined with a phone call from someone claiming to be IT support, the effectiveness increases dramatically. The user now has a "reason" to approve - they are being told it will fix the problem. This is exactly how the Uber and Cisco breaches succeeded, and it is the reason that MFA fatigue should always be considered a social engineering attack, not purely a technical one.
Defenses and How Threat Actors Adapted
The security industry responded to the wave of MFA fatigue breaches in 2022 with several defensive measures. Threat actors, in turn, evolved their techniques to circumvent each one. Understanding this arms race is essential for choosing the right controls.
Number Matching
Instead of a simple "Approve/Deny" button, the login screen displays a two-digit number (e.g., "42"), and the user must type that number into their authenticator app to proceed. Microsoft made number matching the default for Authenticator push notifications in May 2023. This eliminates blind approvals and is a significant improvement.
How attackers adapted: Number matching does not stop a determined attacker who combines push bombing with live social engineering. The attacker calls the victim, reads them the number displayed on the login screen, and instructs them to enter it. In enterprise environments with passwordless authentication enabled, attackers can trigger number matching prompts without even knowing the user's password. Number matching also does nothing against adversary-in-the-middle (AiTM) attacks, where the proxy captures the number match in real time.
Rate Limiting and Throttling
Identity providers can limit the number of MFA push attempts per account within a given window - for example, a maximum of 5 prompts in 5 minutes before the account is temporarily locked.
How attackers adapted: Attackers simply pace their attempts to stay under the threshold, spreading the bombing over a longer window. Some use "low and slow" approaches - sending a few prompts every 15-20 minutes over several hours, which avoids rate limit triggers while still wearing down the user.
Geolocation and Conditional Access
Conditional access policies can block or challenge login attempts from unusual locations, unmanaged devices, or high-risk IP addresses.
How attackers adapted: Residential proxy services and compromised home routers allow attackers to route traffic through IP addresses in the same geographic region as the target. Adversary-in-the-middle proxies inherit the victim's own session context, making geolocation checks irrelevant.
The AiTM Evolution
The most significant shift in how attackers defeat MFA - including defenses against fatigue attacks - is the rise of adversary-in-the-middle (AiTM) phishing. Rather than bombing the user with prompts, the attacker places a reverse proxy (using toolkits like Evilginx or EvilProxy) between the user and the real login page. The user authenticates normally - entering their password and completing number matching or any other MFA challenge - but the proxy captures the resulting session cookie. The attacker then replays that cookie to access the account without ever triggering another MFA prompt.
This is critically important because AiTM bypasses every form of MFA that relies on codes, push notifications, or number matching. Sekoia recorded a 67% quarter-over-quarter spike in live EvilProxy phishing URLs in 2025, and at least 18 universities were targeted with Evilginx 3.0 campaigns since April 2025. AiTM has effectively become the successor to brute-force MFA fatigue for sophisticated threat actors.
To see how an Evilginx-based AiTM attack works in practice - from phishing setup through MFA bypass to lateral movement in Azure - try the Bypass Azure MFA with Evilginx lab on Pwned Labs.
Organizational Impact
The consequences of a successful MFA fatigue or MFA bypass attack extend far beyond a single compromised account.
| Impact | Description |
|---|---|
| Ransomware and Extortion | The attacker gains an initial foothold, enabling lateral movement and deployment of ransomware. Both the Cisco/Yanluowang and MGM/Scattered Spider incidents followed this pattern. |
| Data Breach and Regulatory Fines | Access to systems containing customer, proprietary, or financial data leads to regulatory penalties under GDPR, HIPAA, PCI DSS, and similar frameworks. |
| Identity System Compromise | If the compromised account belongs to an IT administrator, the attacker can disable MFA for other users, create backdoor accounts, or enroll attacker-controlled MFA devices - exactly what happened in the Uber breach. |
| Supply Chain Risk | Compromising a single contractor or vendor (as in the Uber case) can provide access to the larger organization's network, turning one breach into many. |
Detection Strategies
For security teams, identifying an MFA fatigue attack in progress requires proactive monitoring of identity and authentication logs.
- Surge in Failed MFA Attempts: A spike in denied push notifications for a single account within a short timeframe is the strongest signal. A legitimate user might deny a prompt once; a push-bombing run will generate dozens of denials in minutes.
- Impossible Travel: Login attempts from multiple, geographically distant locations within an impossible travel window indicate an attacker using VPNs or proxy services.
- Off-Hours Authentication: A pattern of MFA prompts at 2 AM or 3 AM local time for a user who normally authenticates during business hours is a strong indicator of sleep bombing.
- User Reports: Security teams must treat reports of "my phone won't stop buzzing" as a critical security incident - not a helpdesk ticket. This is the primary human-based detection signal.
- New MFA Device Enrollment: If a successful MFA approval is immediately followed by enrollment of a new device, this is a high-confidence indicator of account takeover.
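The following Python is an added example (not code from the article or any identity provider) that runs the signals above over a constructed set of sign-in events. The one-line log format, the event names, the account names and the thresholds are all assumptions; timestamps are taken to be in the user's local time zone.

```python
"""Flag MFA push-bombing signals in IdP sign-in events (added example, not the
article's code). Assumes a constructed log format '<local-ts> <user> <event>
<location>' with hypothetical event names; timestamps are in the user's local zone."""
from collections import defaultdict
from datetime import datetime, timedelta

DENIED_THRESHOLD = 3                   # denied pushes per window before alerting
DENIED_WINDOW = timedelta(minutes=5)
ENROLL_WINDOW = timedelta(minutes=10)  # approval -> new device enrollment
TRAVEL_WINDOW = timedelta(minutes=10)  # two locations this close together is suspect
OFF_HOURS = range(0, 6)                # 00:00-05:59 local

# Constructed sample: alice is bombed at 2 AM from two regions, eventually
# approves, and a new MFA device is enrolled minutes later. bob is benign.
SAMPLE_LOG = """\
2024-03-12T02:01:10 alice@corp.example mfa_push_denied Berlin
2024-03-12T02:01:45 alice@corp.example mfa_push_denied Berlin
2024-03-12T02:02:20 alice@corp.example mfa_push_denied Berlin
2024-03-12T02:03:05 alice@corp.example mfa_push_denied Singapore
2024-03-12T02:07:30 alice@corp.example mfa_push_approved Berlin
2024-03-12T02:09:12 alice@corp.example mfa_device_enrolled Berlin
2024-03-12T09:15:00 bob@corp.example mfa_push_denied Paris
2024-03-12T09:18:00 bob@corp.example mfa_push_approved Paris
"""

def parse_events(text):
    """Return (timestamp, user, event, location) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, event, location = line.split()
            events.append((datetime.fromisoformat(ts), user, event, location))
    return sorted(events)

def detect(events):
    """Return (user, rule, detail) alerts, at most one per rule per user."""
    alerts, by_user = [], defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    for user, evs in by_user.items():
        prompts = [ev for ev in evs if ev[2].startswith("mfa_push_")]
        denied = [ts for ts, _, e, _ in prompts if e == "mfa_push_denied"]
        # 1. Surge of denied prompts: sliding window over the denial times.
        for i, start in enumerate(denied):
            hits = [t for t in denied[i:] if t - start <= DENIED_WINDOW]
            if len(hits) >= DENIED_THRESHOLD:
                alerts.append((user, "push_surge", f"{len(hits)} denials in {DENIED_WINDOW}"))
                break
        # 2. Prompts while the user should be asleep ("sleep bombing").
        off = [ts for ts, _, _, _ in prompts if ts.hour in OFF_HOURS]
        if off:
            alerts.append((user, "off_hours_prompts", f"{len(off)} prompts in 00:00-05:59"))
        # 3. Prompts from different locations too close together for one traveller.
        for i, (ts, _, _, loc) in enumerate(prompts):
            others = {l for t, _, _, l in prompts[i:] if t - ts <= TRAVEL_WINDOW and l != loc}
            if others:
                alerts.append((user, "multiple_locations", f"{loc} and {', '.join(sorted(others))}"))
                break
        # 4. Approval quickly followed by a new MFA device: likely attacker persistence.
        approvals = [ts for ts, _, e, _ in prompts if e == "mfa_push_approved"]
        enrolls = [ts for ts, _, e, _ in evs if e == "mfa_device_enrolled"]
        if any(timedelta(0) <= en - a <= ENROLL_WINDOW for a in approvals for en in enrolls):
            alerts.append((user, "enrollment_after_approval", f"new device within {ENROLL_WINDOW} of approval"))
    return alerts
```

Calling `detect(parse_events(SAMPLE_LOG))` raises all four rules for alice and nothing for bob, whose single denial followed by a daytime approval is ordinary user behaviour.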
Prevention: What Actually Works
The defense-in-depth approach to MFA fatigue must account for how threat actors have adapted to each countermeasure. No single control is sufficient.
Phishing-Resistant MFA (FIDO2 / Passkeys)
This is the definitive solution. FIDO2 security keys (like YubiKeys) and platform passkeys perform a cryptographic handshake that is bound to the specific domain of the legitimate website. A phishing proxy at a different domain cannot complete this handshake, making both MFA fatigue and AiTM attacks impossible. There are no codes to intercept, no prompts to approve, and no session cookies to steal through a proxy. Microsoft, Google, and CISA all recommend FIDO2 as the gold standard for authentication.
The adoption challenge is real - rolling out hardware keys to hundreds or thousands of employees requires logistics, training, and fallback planning. Platform passkeys (built into Windows Hello, Apple Touch ID/Face ID, and Android biometrics) significantly lower this barrier by eliminating the need for separate hardware.
Number Matching (Minimum Baseline)
If FIDO2 is not yet deployed, number matching should be the absolute minimum. It eliminates blind approvals and forces the user to actively engage with the login context. Microsoft Entra ID, Duo, and Okta all support this. However, it is important to understand that number matching is not phishing-resistant and can be defeated by social engineering or AiTM proxies.
Conditional Access and Risk-Based Authentication
Layer conditional access policies that evaluate device compliance, network location, sign-in risk score, and user behavior before allowing authentication. High-risk sign-ins should require a stronger factor (e.g., FIDO2 key) or be blocked entirely. This reduces the attack surface even when the primary MFA method is not phishing-resistant.
Rate Limiting with Automatic Lockout
Configure identity providers to enforce strict limits on push attempts - for example, 3 denied prompts within 5 minutes triggers a temporary account lockout and an automatic alert to the security team. This does not stop all attacks but raises the cost and visibility of bombing attempts.
User Training That Addresses the Real Threat
Generic "don't click suspicious links" training is insufficient. Users need to understand specifically that unexpected MFA prompts are an attack in progress, that IT support will never ask them to approve a prompt or read a code over the phone, and that the correct response is to deny and report immediately. Simulated MFA fatigue exercises - similar to phishing simulations - can build this muscle memory.
The Bigger Picture: Where MFA Is Heading
MFA fatigue exposed a fundamental weakness in push-based authentication: it relies on a human making the right decision under pressure. Every defense that still depends on user action - whether approving a prompt, entering a code, or typing a number - remains vulnerable to social engineering at some level.
The industry is moving toward authentication methods that remove the human decision point entirely. FIDO2 passkeys, device-bound credentials, and certificate-based authentication all verify identity through cryptographic proof rather than user interaction. As AiTM toolkits like Evilginx and EvilProxy become commoditized and available as phishing-as-a-service platforms, the window for relying on traditional MFA is closing.
For organizations still running simple push-based MFA, the priority should be clear: deploy number matching immediately as a stopgap, plan a migration to FIDO2/passkeys, and implement conditional access policies that limit the blast radius when (not if) an account is compromised.
Related Labs
Explore MFA bypass techniques in a hands-on lab environment:
- Bypass Azure MFA with Evilginx - Set up an Evilginx reverse proxy to intercept Azure AD authentication, capture session tokens that bypass MFA entirely, and perform post-compromise lateral movement in Azure.
Frequently Asked Questions
What is MFA fatigue?
MFA fatigue (also called MFA bombing or push spam) is a social engineering technique where an attacker repeatedly triggers MFA push notifications to a target's device after obtaining their username and password. The goal is to wear down the victim until they approve a request out of frustration, confusion, or to stop the notifications.
How did attackers use MFA fatigue in the Uber breach?
In September 2022, an attacker affiliated with Lapsus$ obtained an Uber contractor's credentials and bombarded them with push notifications over an extended period. When that failed, the attacker contacted the contractor on WhatsApp posing as IT support and convinced them to approve the request. This gave the attacker access to Uber's internal systems, including Slack, HackerOne tickets, and cloud infrastructure.
Does number matching stop MFA fatigue attacks?
Number matching significantly raises the difficulty of MFA fatigue attacks because the user must enter a code displayed on the login screen, not just tap "Approve." However, it does not eliminate the threat entirely. Attackers have adapted by calling victims and socially engineering them into reading back the number, or by using real-time AiTM proxy tools that relay the challenge to the victim seamlessly.
What is the most effective defense against MFA fatigue?
FIDO2/passkeys are the most effective defense because they are phishing-resistant by design. The authentication is bound to the legitimate domain cryptographically, so there is no secret for an attacker to intercept or socially engineer out of the user. For organizations that cannot yet deploy FIDO2, combining number matching with rate limiting, conditional access policies, and anomalous login alerting provides a strong interim defense.
How do AiTM proxies bypass MFA?
Adversary-in-the-middle (AiTM) proxies like Evilginx sit between the victim and the legitimate login page, relaying traffic in real time. The victim completes their normal MFA flow (including number matching) on what appears to be the real site, but the proxy captures the resulting session token. The attacker then uses this token to access the account without needing to repeat the MFA challenge.
