A social engineering technique called 'MFA Fatigue', aka 'MFA push spam', is growing more popular with threat actors as it does not require malware or phishing infrastructure and has proven to be successful in attacks.
Here's a good, recent description of the TTP that has been trending in cybersecurity industry news for the past year or so:
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches (bleepingcomputer.com)
Most of your top-tier competitors have released product updates this year to address this problem. Some examples are below:
- Competitor implementation: Azure MFA (Number Matching)
- Competitor implementation: CIsco DUO (Verified Duo Push)
Duo Administration - Policy & Control | Duo Security
- Competitor implemention: Okta (Number Challenge)