Security News: Microsoft disrupts ONNX phishing-as-a-service infrastructure

Gandalf_The_Grey

Thread author
Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across the United States and worldwide since at least 2017.

According to Microsoft's Digital Defense Report 2024, ONNX (also known as Caffeine and FUHRER) was the top Adversary in the Middle (AitM) phishing service by volume of phishing messages during the first half of 2024. Tens to hundreds of millions of phishing emails targeted Microsoft 365 accounts each month and customers of various other tech companies.

"These 'do it yourself' kits make up a significant portion of the tens to hundreds of millions of phishing messages observed by Microsoft each month and the fraudulent ONNX operation was a top 5 supplier in the first half of 2024," Microsoft told BleepingComputer.

"The fraudulent ONNX operation offered phishing kits designed to target a variety of companies across the technology sector, including Google, DropBox, Rackspace, and Microsoft."

ONNX promoted and sold the phish kits on Telegram using several subscription models (Basic, Professional, and Enterprise), ranging from $150 to $550 monthly.

The attacks, also controlled via Telegram bots, came with built-in two-factor authentication (2FA) bypass mechanisms and most recently targeted financial firms' employees (at banks, credit union service providers, and private funding firms) using QR code phishing (also known as quishing) tactics.

These emails included PDF attachments containing malicious QR codes that redirected potential victims to pages resembling legitimate Microsoft 365 login pages and asked them to enter their credentials.

"Threat actors leverage quishing attacks because victims will typically scan QR codes on their personal mobile devices (which the victim may use for business purposes, as part of their firms' Bring Your Own Device (BYOD) program)," U.S. securities industry regulator FINRA also warned in a recent alert. "As a result, these attacks are exceptionally difficult to monitor with typical endpoint detection."
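The quishing pattern described above (a QR code inside a PDF that leads to a page imitating the Microsoft 365 sign-in) is hard to catch on the endpoint because the scan happens on a phone, so the practical place to look is the mail gateway, before the PDF reaches the inbox. The following is an added example, not code from the article, Microsoft, BleepingComputer or FINRA: it assumes an upstream scanner has already rendered the PDF and decoded any QR code to a URL, and triages those URLs by whether they carry Microsoft branding or credential-prompt wording while living outside the domains where a genuine Microsoft 365 sign-in can land. The allowlist, token lists and sample records are constructed for illustration.

```python
"""Added example (not code from the article, Microsoft, BleepingComputer or FINRA).

Triage of URLs decoded from QR codes embedded in inbound PDF attachments.
It assumes an upstream scanner (e.g. a mail gateway) has already rendered
the PDF and decoded any QR code to a URL; the records below are constructed
sample input. The goal is to spot links that imitate a Microsoft 365 sign-in
page but live outside the domains where that sign-in legitimately happens.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Domains (and their subdomains) where a real Microsoft 365 sign-in can land.
# Assumption: a tenant would add its own SSO / identity-provider domains here.
LEGIT_LOGIN_DOMAINS = {"microsoftonline.com", "microsoft.com", "live.com", "office.com"}

# Substrings that signal brand impersonation or a credential prompt (constructed lists).
BRAND_TOKENS = ("microsoft", "office365", "o365", "outlook", "sharepoint", "onedrive")
LOGIN_TOKENS = ("login", "signin", "sign-in", "auth", "sso", "verify", "password")


@dataclass
class QrRecord:
    """One decoded QR code taken from a PDF attachment (constructed sample)."""
    message_id: str
    sender: str
    filename: str
    decoded_url: str


@dataclass
class Verdict:
    level: str                      # "allow", "info", "review" or "block"
    host: str
    reasons: list = field(default_factory=list)


def is_legit_login_host(host: str) -> bool:
    """True if host is one of the allowlisted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_LOGIN_DOMAINS)


def classify(record: QrRecord) -> Verdict:
    """Score a single decoded QR URL; the link is never followed."""
    parts = urlsplit(record.decoded_url)
    host = (parts.hostname or "").lower()
    url_l = record.decoded_url.lower()
    reasons = []

    if is_legit_login_host(host):
        return Verdict("allow", host, ["host within allowlisted sign-in domains"])

    if parts.scheme not in ("http", "https"):
        reasons.append(f"non-web scheme {parts.scheme!r}")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (IDN) hostname")
    if any(t in url_l for t in BRAND_TOKENS):
        reasons.append("Microsoft brand token outside allowlisted domains")
    if any(t in url_l for t in LOGIN_TOKENS):
        reasons.append("credential-prompt wording outside allowlisted domains")

    # Brand impersonation on a non-allowlisted host is the quishing pattern itself.
    if any(r.startswith("Microsoft brand") for r in reasons):
        level = "block"
    elif reasons:
        level = "review"
    else:
        level = "info"
    return Verdict(level, host, reasons)


def triage(records) -> dict:
    """Group message ids by verdict level so a SOC queue can be built from them."""
    out = {"allow": [], "info": [], "review": [], "block": []}
    for r in records:
        out[classify(r).level].append(r.message_id)
    return out


# Constructed sample input: four PDF attachments whose QR codes were decoded upstream.
SAMPLE_RECORDS = [
    QrRecord("m1", "it-notices@corp.example", "mfa-reenrol.pdf",
             "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=x"),
    QrRecord("m2", "hr-update@mail.example-attacker.net", "payroll-notice.pdf",
             "https://microsoft-365-verify.example-attacker.net/login/"),
    QrRecord("m3", "billing@example-vendor.com", "invoice-0042.pdf",
             "https://portal.example-vendor.com/auth/verify?inv=0042"),
    QrRecord("m4", "events@example-conference.org", "agenda.pdf",
             "https://www.example-conference.org/agenda/day1"),
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        v = classify(rec)
        print(f"{rec.message_id} {v.level:6} {v.host} :: {'; '.join(v.reasons)}")
```

The allowlist is deliberately checked first and by registrable domain, so a lookalike such as `microsoftonline.com.example-attacker.net` is not mistaken for a subdomain of the real host; the "review" tier exists because a third-party portal with a genuine `/auth/` path is not malicious in itself, only worth a human look when it arrives as a QR code in a PDF.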