Category | Details |
---|---|
Threat Actors | Abanoub Nady (a.k.a. MRxC0DER) and four unidentified individuals. |
Campaign Overview | Operated 240 phishing websites under the fraudulent “ONNX Store” brand to sell phishing kits designed to bypass security controls. |
Target Regions (Victims) | Global; targeted Microsoft 365 users and the financial services sector. |
Methodology | – Phishing-as-a-Service (PaaS). – Use of QR code-based phishing (quishing). – Subscription tiers and support for phishing campaigns. |
Product Targeted | Microsoft 365 accounts; financial data from the financial services sector. |
Malware Reference | Not explicitly mentioned; phishing kits/tools used for attacks. |
Tools Used | ONNX phishing kits, Telegram for communications, subscription-based PaaS model. |
Vulnerabilities Exploited | Social engineering techniques such as phishing and quishing; exploiting trust in branded platforms and QR codes. |
TTPs | – Selling phishing kits through branded storefronts. – Leveraging Telegram for customer communications. – Using QR codes to bypass traditional phishing defenses. |
Attribution | Microsoft and researchers (Dark Atlas, Mandiant) identified Abanoub Nady as the key operator. |
Recommendations | – Enhance email and PDF scanning for QR-based phishing attempts. – Monitor and block malicious domains associated with ONNX. – Collaborate with other organizations to combat PaaS cybercrime. |
Source | The Record |
Read full article: https://therecord.media/microsoft-seizes-websites-onnx-phishing
The above summary has been generated by an AI language model