Microsoft Disrupts ONNX Phishing-as-a-Service Operation ️

In a groundbreaking move, Microsoft has taken down 240 domains tied to ONNX, a phishing-as-a-service (PhaaS) platform responsible for targeting millions of users globally since 2017. This significant action disrupts one of the largest phishing operations, protecting Microsoft 365 accounts and other tech users worldwide.

ONNX, also known as Caffeine and FUHRER, ranked among the top adversaries in phishing attacks, as revealed in Microsoft’s Digital Defense Report 2024. ONNX sold DIY phishing kits via Telegram, with monthly subscription models ranging from $150 to $550. These kits were designed to target platforms like:

GoogleDropboxRackspaceMicrosoft 365Two-Factor Authentication (2FA) Bypass: ONNX utilized advanced mechanisms to intercept 2FA codes, ensuring successful breaches.QR Code Phishing (Quishing): Malicious emails with QR codes redirected victims to fake login pages, making detection challenging.Bulletproof Hosting: Domains stayed active longer due to hosting services that delayed takedowns.Encrypted JavaScript: Added obfuscation to ensure phishing pages evaded detection.

The operation abruptly stopped in June after researchers exposed the owner, Abanoub Nady (MRxC0DER). A U.S. civil court redirected ONNX’s infrastructure to Microsoft, effectively cutting off threat actors.

This marks another victory for Microsoft’s Digital Crimes Unit, which continues to raise the stakes for cybercriminals by dismantling phishing infrastructure and reducing the profitability of cybercrime.

Phishing is evolving rapidly, with sophisticated techniques like Quishing targeting employees at financial firms, government bodies, and tech giants. Cybersecurity measures must adapt to counter these advanced threats.

Enable MFA (Multi-Factor Authentication)Verify Email SourcesAvoid Scanning Unknown QR Codes

Together, we can combat cyber threats! 🌐