Ethical Hacking News
Microsoft has seized 240 sites used by the ONNX phishing service, a phishing-as-a-service operation that uses Adversary-in-the-Middle (AiTM) attacks to bypass MFA protections. The operation was disrupted after an Egyptian man named Abanoub Nady was identified as its operator.
Microsoft seized 240 sites and identified a phishing kit operator in connection with the ONNX phishing service.
The operator, Abanoub Nady, sold phishing kits to threat actors for $150-$550 per month.
The ONNX phishing service used software to bypass multifactor authentication and steal credentials.
Microsoft saw a 146% increase in AiTM attacks.
The ONNX phishing service was first discovered by researchers at Dark Atlas in June 2023.
Microsoft seized the malicious infrastructure used by Nady's operation through a civil court order.
The ONNX phishing service highlights the rise of sophisticated cyber attacks and the need for organizations to stay vigilant.
The world of cybercrime has witnessed a significant rise in sophistication, with various threats emerging every day. One such threat that caught Microsoft's attention is the ONNX phishing service, which has been seized by the company's Digital Crimes Unit (DCU). According to reports, 240 sites were seized, and an Egyptian man named Abanoub Nady, also known as "MRxC0DER," was identified as the operator behind the operation.
Nady developed and sold phishing kits under the ONNX phishing service, which were used by multiple threat actors in widespread phishing campaigns to steal credentials of Microsoft customer accounts. The phishing kits were marketed at a relatively affordable price, with basic subscriptions starting at $150 per month and professional plans costing $550. This makes it an attractive option for threat actors looking to launch large-scale credential theft campaigns.
The ONNX phishing service is particularly notable due to its use of sophisticated Adversary-in-the-Middle (AiTM) phishing attacks, which bypass Multi-Factor Authentication (MFA) protections by stealing credentials and session cookies. Microsoft observed a 146% increase in AiTM attacks, indicating that cybercriminals are rapidly adapting their techniques, tactics, and procedures to evade detection.
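One defender-side check for the cookie replay described above, added here as an example and not taken from the article or from Microsoft: flag sessions whose cookie is later presented by a client that differs from the one that completed MFA. The log field names, the `mfa` values and all events are constructed assumptions.

```python
# Added example: flag session cookies replayed by a different client after MFA.
# Field names and all events are constructed; adapt to your IdP's sign-in log schema.

EVENTS = [  # constructed sample data (documentation IP ranges)
    {"time": "2024-11-20T09:00:05Z", "user": "alice@example.com", "session": "s-1001",
     "ip": "198.51.100.23", "ua": "Edge/130 Windows", "mfa": "completed"},
    {"time": "2024-11-20T09:01:40Z", "user": "alice@example.com", "session": "s-1001",
     "ip": "203.0.113.77", "ua": "Firefox/128 Linux", "mfa": "from_token"},
    {"time": "2024-11-20T09:10:00Z", "user": "bob@example.com", "session": "s-2002",
     "ip": "192.0.2.10", "ua": "Chrome/131 macOS", "mfa": "completed"},
    {"time": "2024-11-20T11:30:00Z", "user": "bob@example.com", "session": "s-2002",
     "ip": "192.0.2.99", "ua": "Chrome/131 macOS", "mfa": "from_token"},  # roaming, same browser
    {"time": "2024-11-20T12:00:00Z", "user": "carol@example.com", "session": "s-3003",
     "ip": "198.51.100.50", "ua": "Safari/18 iOS", "mfa": "from_token"},  # MFA origin not in logs
]


def find_replayed_sessions(events):
    """Return (session, user, reason) for sessions that look replayed.

    A session is suspicious when its cookie is presented by a client whose IP
    and user agent both differ from the sign-in that satisfied MFA, or when no
    MFA sign-in for that session exists in the log window at all.
    """
    origin = {}      # session id -> event that completed MFA
    alerts = []
    seen = set()     # emit one alert per (session, reason)
    for ev in sorted(events, key=lambda e: e["time"]):
        sid = ev["session"]
        if ev["mfa"] == "completed":
            origin.setdefault(sid, ev)
            continue
        first = origin.get(sid)
        if first is None:
            reason = "no_mfa_origin"
        elif ev["ip"] != first["ip"] and ev["ua"] != first["ua"]:
            reason = "client_changed_after_mfa"
        else:
            continue  # same client, or only the IP changed (roaming user)
        if (sid, reason) not in seen:
            seen.add((sid, reason))
            alerts.append((sid, ev["user"], reason))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

Because an AiTM proxy relays the login, the MFA sign-in itself can carry the proxy's address, so this check only catches the later replay from a different client and should be paired with phishing-resistant MFA and token binding where available.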
The ONNX phishing service was first discovered on June 18th by researchers at Dark Atlas, who noticed significant activity associated with the "ONNX phishing-as-a-service" (PhaaS). The PhaaS was created by Nady, previously associated with the "Caffeine Phishing Kit." Microsoft has tracked Nady since 2017 and has taken steps to disrupt his operation.
Through a civil court order, Microsoft seized the malicious technical infrastructure used by Nady's operation, severing access for threat actors and permanently stopping the use of these domains in phishing attacks. This action demonstrates Microsoft's commitment to combating cybercrime and protecting its customers from sophisticated threats.
The ONNX phishing service highlights the rise of sophisticated cyber attacks, which are becoming increasingly difficult to detect and defend against. As threat actors continue to adapt their techniques, it is essential for organizations to stay vigilant and implement robust security measures to protect themselves against such threats.
In addition to the ONNX phishing service, various other notable cybersecurity incidents have been reported recently, including a U.S. CISA announcement of new known exploited vulnerabilities, Palo Alto Networks firewalls being compromised through recently patched zero-days, and a ransomware gang claiming responsibility for a hack on the Mexican government's Legal Affairs Office.
These incidents serve as a reminder that cybercrime is an ongoing threat, and organizations must remain proactive in their security measures to prevent such attacks. By staying informed about emerging threats and taking steps to protect themselves, organizations can minimize the risk of falling victim to sophisticated cyber attacks like the ONNX phishing service.
Related Information:
https://securityaffairs.com/171287/cyber-crime/microsoft-disrupted-the-onnx-phishing-service.html
Published: Sat Nov 23 06:11:14 2024 by llama3.2 3B Q4_K_M