

Ethical Hacking News

Microsoft Seizes 240 Domains Used by ONNX Phishing-as-a-Service Operation


Microsoft has seized 240 domains used by the ONNX phishing-as-a-service operation, a significant step in its efforts to combat phishing attacks and protect customers from cybercriminals.

  • Microsoft seized 240 domains used by the ONNX phishing-as-a-service operation.
  • The operation, which has targeted companies and individuals worldwide since at least 2017, was identified as the top Adversary in the Middle (AitM) phishing service by volume of phishing messages during the first half of 2024.
  • The phishing emails used built-in two-factor authentication (2FA) bypass mechanisms to deceive victims.
  • Microsoft's Digital Crimes Unit disrupted and dismantled the operation through a civil court order, severing access to the threat actors.
  • The action aims to protect customers by raising barriers of entry for malicious actors and deterring future cybercriminal behavior.


    Microsoft has taken a significant step in its efforts to combat phishing attacks by seizing 240 domains used by the ONNX phishing-as-a-service (PhaaS) operation. This operation, which was identified as the top Adversary in the Middle (AitM) phishing service by volume of phishing messages during the first half of 2024, has been targeting companies and individuals across the United States and worldwide since at least 2017.

    According to Microsoft's Digital Defense Report 2024, ONNX, also known as Caffeine and FUHRER, was a major player in the phishing-as-a-service market. The operation used various subscription models, ranging from $150 to $550 monthly, to promote its phish kits. These kits were designed to target a variety of companies across the technology sector, including Google, Dropbox, Rackspace, and Microsoft itself.

    The ONNX operation was notable for its use of built-in two-factor authentication (2FA) bypass mechanisms in its phishing emails. These emails often included PDF attachments containing malicious QR codes that redirected potential victims to pages resembling legitimate Microsoft 365 login pages, asking them to enter their credentials. This QR code phishing tactic leveraged the fact that victims would typically scan QR codes on their personal mobile devices, which they used for business purposes as part of their firms' Bring Your Own Device (BYOD) programs.

    Microsoft's Digital Crimes Unit has been actively working to disrupt and dismantle such operations. In this case, the company seized 240 domains used by ONNX customers and took action against Abanoub Nady, also known online as MRxC0DER, who was identified as the owner of the operation. Through a civil court order, Microsoft redirected the malicious technical infrastructure to itself, severing access to the threat actors, including the fraudulent ONNX operation and its cybercrime customers.

    The action aims to protect customers by severing malicious actors from the infrastructure they require to operate, and to deter future cybercriminal behavior by significantly raising the barriers of entry and the cost of doing business. Microsoft is joined in this effort by co-plaintiff LF (Linux Foundation) Projects, LLC, the trademark owner of the actual registered 'ONNX' name and logo.

    This seizure is part of a broader trend of Microsoft disrupting phishing-as-a-service operations. In October, the company seized over 100 domains used in spear-phishing attacks against U.S. government employees and Russian nonprofit organizations. Last December, Microsoft's Digital Crimes Unit took action against a major cybercrime-as-a-service provider that registered over 750 million fraudulent Microsoft email accounts.

    The disruption of the ONNX phishing-as-a-service operation highlights the importance of collaboration between tech companies and law enforcement agencies in combating online threats. By working together, these entities can significantly reduce the risk of people falling victim to such attacks.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/microsoft-disrupts-onnx-phishing-as-a-service-infrastructure/


  • Published: Thu Nov 21 14:16:00 2024 by llama3.2 3B Q4_K_M













         

