- The Microsoft Digital Crimes Unit has seized 240 fraudulent sites
- The sites were used by ONNX to sell phishing templates
- Phishing attacks target millions of users per month
Millions of phishing emails targeting victims every day use ‘do it yourself’ phishing kits developed by Egypt-based ONNX – but the Microsoft Digital Crimes Unit has now seriously disrupted this operation, seizing 240 fraudulent websites used to help sell Phishing-as-a-Service (PaaS) kits.
Phishing poses a real threat to individuals and organizations alike, with successful phishing attacks delivering devastating financial and data loss. Cybercriminals have taken this further by developing ‘kits’ to sell to other criminals to help develop widespread phishing campaigns and bypass security measures by intercepting MFA requests.
The attacks that originate from the ‘do it yourself’ kits represent a significant portion of the tens of millions of phishing attacks Microsoft accounts receive each month. The ONNX operation is one of the top five phish kit providers by email volume in 2024, according to Microsoft’s digital defense reports, so the disruption is significant.
Name and shame
Microsoft has decided to publicly name the individual behind the storefront, Abanoub Nady (known online as “MRxC0DER”), who has been tied to the operation as far back as 2017, and is well established in the PaaS sphere.
ONNX offers a tiered subscription service, with basic, professional, and enterprise plans – which are promoted, sold, and configured through Telegram, and they even provide ‘how to’ videos for criminals to properly implement the phishing kits.
Many of the kits used a technique called ‘quishing’, or QR code phishing, which prompts users to scan codes where they are redirected to malicious fake websites to enter personal or payment information.
“As we’ve said before, no disruption is complete in one action. Effectively combatting cybercrime requires persistence and ongoing vigilance to disrupt new malicious infrastructure,” said Assistant General Counsel, Microsoft’s Digital Crimes Unit, Steven Masada.
“While today’s legal action will substantially hamper the fraudulent ONNX’s operations, other providers will fill the void, and we expect threat actors will adapt their techniques in response.”