| Category | Details |
|---|---|
| Threat Actors | Abanoub Nady (a.k.a. MRxC0DER) and four unidentified individuals. |
| Campaign Overview | Ran 240 websites under the fraudulent “ONNX Store” brand, since seized by Microsoft, to sell phishing kits built to evade security controls. |
| Target Regions (Victims) | Global; targeted Microsoft 365 users and the financial services sector. |
| Methodology | - Phishing-as-a-Service (PaaS). - QR code-based phishing (quishing). - Subscription tiers with customer support for running campaigns. |
| Product Targeted | Microsoft 365 accounts; financial data from the financial services sector. |
| Malware Reference | None named; the attacks rely on phishing kits rather than malware. |
| Tools Used | ONNX phishing kits, Telegram for communications, subscription-based PaaS model. |
| Vulnerabilities Exploited | No software vulnerability; the kits rely on social engineering (phishing and quishing) and on users' trust in branded platforms and QR codes. |
| TTPs | - Selling phishing kits through branded storefronts. - Leveraging Telegram for customer communications. - Embedding the phishing URL in a QR code so that link-scanning and URL-rewriting email defenses never see it. |
| Attribution | Microsoft, with researchers from Dark Atlas and Mandiant, identified Abanoub Nady as the key operator. |
| Recommendations | - Extend email and PDF attachment scanning to decode QR codes and triage the URLs they carry. - Monitor and block domains associated with ONNX infrastructure. - Collaborate with other organizations to disrupt PaaS cybercrime. |
| Source | The Record |
Read full article: https://therecord.media/microsoft-seizes-websites-onnx-phishing
The above summary has been generated by an AI language model
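The two defensive recommendations in the table (QR-aware attachment scanning and domain blocking) are sketched below as an added example written for this summary; it is not code from the article, from Microsoft, or from the ONNX kit. It finds the MIME parts a QR code can hide in, scores a message on the structural traits of a QR lure (attachment with an image, lure wording, and no clickable link for a URL-rewriting gateway to inspect), and triages a URL once it has been decoded from the QR code. Decoding the QR image itself needs an image decoder such as pyzbar and is left out; the URLs handed to `triage_url()` and the e-mail built by `build_sample_message()` are constructed samples, and the domain lists are assumptions rather than indicators from the article.

```python
"""Quishing triage for a MIME message (added example, not from the article)."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Domains a legitimate Microsoft 365 sign-in flow may land on (assumption; tune per tenant).
LEGIT_MS_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com", "live.com"}
# Placeholder blocklist: the article names no ONNX domains, so this is a constructed
# entry standing in for a threat-intel feed.
BLOCKED_DOMAINS = {"example-onnx-kit.invalid"}
BRAND_WORDS = ("microsoft", "office365", "o365", "onmicrosoft", "sharepoint", "outlook")
LURE_PHRASES = ("scan the qr", "scan this qr", "qr code", "mfa", "authenticator",
                "password will expire", "re-authenticate")


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); assumes no multi-part public suffixes in the inputs."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage_url(url: str) -> str:
    """Classify a URL recovered from a QR code as 'block', 'allow' or 'review'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "review"  # tel:, mailto:, plain text: not a web lure, but still worth a look
    base = registrable(host)
    if base in BLOCKED_DOMAINS:
        return "block"
    if base in LEGIT_MS_DOMAINS:
        return "allow"
    # A Microsoft brand word in a hostname or path that is not a Microsoft domain
    # is the classic lookalike pattern sold by these kits.
    if any(word in (host + parsed.path.lower()) for word in BRAND_WORDS):
        return "block"
    return "review"  # unknown domain delivered via QR: hand to an analyst


def qr_candidate_parts(msg: EmailMessage) -> list:
    """Return (filename, reason) for every MIME part a QR code could be embedded in."""
    found = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            found.append((part.get_filename(), "image part"))
        elif ctype == "application/pdf":
            raw = part.get_payload(decode=True) or b""
            # A PDF lure carries the QR as an image XObject; a cheap structural
            # check that avoids a full PDF parser.
            if re.search(rb"/Subtype\s*/Image", raw):
                found.append((part.get_filename(), "pdf with embedded image"))
    return found


def quishing_score(msg: EmailMessage):
    """Score a message on the traits of a QR lure; returns (score, reasons)."""
    reasons = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body is not None else ""
    parts = qr_candidate_parts(msg)
    if parts:
        reasons.append("qr-capable attachment: " + ", ".join(r for _, r in parts))
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("lure wording in body")
    if parts and not re.search(r"https?://", text):
        # The defining trait: no clickable URL for link-rewriting or URL-scanning
        # gateways to inspect; the URL lives inside the image.
        reasons.append("no link in body, payload is in the image")
    return len(reasons), reasons


def build_sample_message() -> EmailMessage:
    """Constructed QR-lure e-mail, round-tripped through bytes as a gateway would see it."""
    msg = EmailMessage()
    msg["From"] = "it-support@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Action required: Microsoft 365 MFA re-authentication"
    msg.set_content("Your Microsoft 365 MFA token expires today.\n"
                    "Scan the QR code in the attached PDF to re-authenticate.\n")
    # Minimal constructed PDF that declares an image XObject; no real QR inside.
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /XObject /Subtype /Image /Width 200 /Height 200 >>\n"
           b"endobj\n%%EOF\n")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="MFA_Reset.pdf")
    return message_from_bytes(msg.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    score, why = quishing_score(build_sample_message())
    print(f"quishing score {score}: {why}")
    for sample in ("https://login.microsoftonline.com/common/oauth2/authorize",
                   "https://microsoft-365-verify.example/login",
                   "https://example-onnx-kit.invalid/o365",
                   "https://docs.example.org/handbook"):
        print(triage_url(sample), sample)
```

In production the QR decoder sits between `qr_candidate_parts()` and `triage_url()`: render each candidate image (and each page of a flagged PDF), decode, and feed every payload through the triage. The structural score is useful on its own because it fires before decoding and catches the case the article describes, a lure whose only URL is inside an image that conventional link scanners never read.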
