November 23, 2024

Microsoft Strikes Back Seizes Over 240 Phishing Websites in Major Crackdown
ONNX PhaaS: A Major Cybercrime Crackdown

Microsoft has launched a significant offensive against cybercrime by seizing more than 240 fraudulent websites linked to an Egypt-based cybercrime facilitator known online as "MRxC0DER." The service, branded ONNX, was a major player in the phishing-as-a-service (PhaaS) market, selling do-it-yourself phishing kits to cybercriminals globally. The kits were used to target companies and individuals across various sectors, with a particular focus on the financial industry, stealing user credentials and bypassing security measures.

The crackdown was part of a concerted effort by Microsoft's Digital Crimes Unit (DCU) to disrupt cybercrime and protect customers from downstream threats such as financial fraud, data theft, and ransomware. The operation came to light through Microsoft's Digital Defense Report, which identified ONNX as the top adversary-in-the-middle (AitM) phishing service by email volume during the first half of 2024.

Abanoub Nady, the alleged operator behind ONNX, developed and sold these kits under the fraudulent ONNX brand, which is actually a legitimate trademark owned by the Linux Foundation for an open-source machine learning platform. Microsoft, in collaboration with the U.S. Department of Justice and the Linux Foundation, obtained a civil court order in the Eastern District of Virginia to redirect the malicious website infrastructure to their control, effectively halting the operation.

The fraudulent ONNX operation had been active since at least 2017, offering subscription tiers ranging from $150 to $550 per month. The kits were marketed and sold through online storefronts and social media platforms such as Telegram, where buyers could access tutorials and technical support for running sophisticated phishing campaigns. The kits were particularly notorious for enabling attacks that bypass two-factor authentication (2FA): the phishing page sits between the victim and the real login service and intercepts the 2FA exchange as it happens.
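The paragraph above states that the kits defeat 2FA by intercepting the 2FA exchange. The reason that works against one-time codes but not against origin-bound authenticators is worth seeing in code, so the following added example (not from the article, not Microsoft's or ONNX's code) models only the relying-party side: an OTP check, which has no notion of where the code was typed, and a simplified WebAuthn-style assertion check, which binds each assertion to the origin the browser actually talked to. The origins, credential key and OTP value are constructed; the signature uses HMAC in place of the authenticator's ECDSA key purely so the example runs without third-party libraries.

```python
"""Why an AitM phishing page defeats OTP-based 2FA but not origin-bound WebAuthn.

Added example, not part of the original article. Origins, keys and the OTP
value are constructed; HMAC stands in for the authenticator's ECDSA signature.
"""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

RP_ORIGIN = "https://login.example-bank.test"               # constructed relying party
LOOKALIKE_ORIGIN = "https://login.example-bank-secure.test"  # constructed phishing host
RP_ID = urlparse(RP_ORIGIN).hostname


def verify_otp(submitted: str, expected: str) -> bool:
    """An OTP is a bearer value: it carries no record of where it was typed, so a
    code captured on a look-alike page and forwarded to the real site still verifies."""
    return hmac.compare_digest(submitted, expected)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def browser_assertion(credential_key: bytes, challenge: bytes, page_origin: str) -> dict:
    """Simulates browser + authenticator. The browser, not the page, writes the
    origin into clientDataJSON and derives the RP ID from that origin, so a page
    served from another host cannot claim to be the bank."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": _b64url(challenge), "origin": page_origin},
        separators=(",", ":"),
    ).encode()
    rp_id_hash = hashlib.sha256(urlparse(page_origin).hostname.encode()).digest()
    auth_data = rp_id_hash + b"\x01"  # flags byte: user present (simplified)
    signed = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(credential_key, signed, hashlib.sha256).digest()  # HMAC stand-in for ECDSA
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": signature}


def verify_assertion(credential_key: bytes, issued_challenge: bytes, assertion: dict) -> tuple:
    """Relying-party checks, in the order the WebAuthn spec lists them (simplified)."""
    client = json.loads(assertion["clientDataJSON"])
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client.get("challenge") != _b64url(issued_challenge):
        return False, "challenge mismatch (replay or stale session)"
    if client.get("origin") != RP_ORIGIN:
        return False, "origin mismatch: assertion was produced on " + str(client.get("origin"))
    expected_rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(assertion["authenticatorData"][:32], expected_rp_hash):
        return False, "rpIdHash mismatch"
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected_sig = hmac.new(credential_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(assertion["signature"], expected_sig):
        return False, "bad signature"
    return True, "ok"


def demo() -> dict:
    """Runs the three cases and returns whether each login attempt was accepted."""
    key = secrets.token_bytes(32)
    challenge = secrets.token_bytes(32)
    results = {}
    # OTP typed into the look-alike page and forwarded to the real site: accepted,
    # because the verifier only sees a correct six-digit value.
    results["otp_relayed"] = verify_otp("492017", "492017")
    # Same victim on the look-alike origin, but with a WebAuthn credential: the
    # browser stamps the phishing origin into clientDataJSON and the RP rejects it.
    relayed = browser_assertion(key, challenge, LOOKALIKE_ORIGIN)
    results["webauthn_relayed"] = verify_assertion(key, challenge, relayed)[0]
    # Genuine login from the real origin succeeds.
    genuine = browser_assertion(key, challenge, RP_ORIGIN)
    results["webauthn_genuine"] = verify_assertion(key, challenge, genuine)[0]
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:18s} accepted={accepted}")
```

The takeaway for defenders is the order of checks in `verify_assertion`: the challenge check stops replay, and the origin check stops any assertion collected on a host other than the bank's, regardless of how faithfully the phishing page mirrors the real one. Moving high-value accounts from OTP to FIDO2/WebAuthn removes the property these kits depend on, namely that the second factor is a value the victim can be tricked into handing over.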

Recent months saw an uptick in these attacks, including a notable increase in QR code phishing ("quishing"), in which malicious QR codes embedded in PDF attachments direct victims to fake login pages. The financial sector, given its handling of sensitive data and transactions, was the primary target, though other sectors were not immune.

Microsoft's action against ONNX is part of a broader strategy of targeting the infrastructure of cybercrime operations. This approach not only disrupts current activity but also aims to deter future cybercriminals by raising the difficulty and cost of engaging in such illicit activities. Microsoft has been proactive in this regard, having previously disrupted other cybercrime operations such as Storm-1152 and the attack infrastructure of the Russian FSB-linked ColdRiver group.

The ONNX takedown sends a strong message to the cybercriminal community: Microsoft will not stand idly by while its services and customers are exploited. The operation underscores the importance of collaboration between tech companies, law enforcement, and industry partners in combating cybercrime effectively. It also highlights the evolving nature of cyber threats, urging organizations and individuals to stay vigilant and employ robust security measures.

While the disruption of ONNX is a significant victory, Microsoft acknowledges that other threat actors will likely fill the void left by the operation. Even so, this proactive stance, combining legal and technical strategies, aims to have a lasting impact on the cybercrime landscape, making it a more challenging environment for malicious actors to operate in.

The operation is particularly relevant for those in the cybersecurity field, offering insight into the methods used by cybercriminals and the comprehensive strategies employed to mitigate such threats. It reinforces the need for continuous vigilance and adaptation in cybersecurity practices to protect against the ever-evolving tactics of cybercriminals.

Anthony Denis

Anthony Denis is a Security News Reporter with a Bachelor's in Business Computer Application. Drawing on a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to deliver complex security topics with clarity and insight.