Microsoft Takes Down Major Phishing Empire Behind Millions of Scam Emails

Microsoft’s Fight Against ONNX Phishing Operation

Microsoft has successfully seized 240 domains associated with ONNX, a major phishing-as-a-service (PhaaS) platform that has been targeting organizations globally since 2017. Key points:

Key Features of ONNX:
– Also known as Caffeine and FUHRER
– Top adversary-in-the-middle (AitM) phishing service in early 2024
– Targeted Microsoft 365 and other tech companies’ accounts
– Offered subscription plans ranging from $150-$550 monthly
– Operated through Telegram with sophisticated 2FA bypass capabilities

Technical Aspects:
– Utilized QR code phishing (quishing) tactics
– Employed encrypted JavaScript and bulletproof hosting
– Targeted financial institutions’ employees
– Bypassed traditional security measures through mobile device exploitation

Operation Shutdown:
– ONNX operations ceased in June after owner’s identity was revealed
– Microsoft obtained court order in Eastern District of Virginia
– Domains redirected to Microsoft, preventing further malicious use
– Linux Foundation joined as co-plaintiff due to trademark concerns

Impact:
– Affected millions of users monthly
– Targeted major tech companies including Google, Dropbox, and Rackspace
– Represented a significant portion of global phishing attempts

This action demonstrates Microsoft’s ongoing commitment to cybersecurity and follows their recent successful operations against other cyber threats, including Russian FSB hackers and fraudulent email account creators.
