A new Microsoft 365 phishing service has emerged, so be on the lookout


  • Researchers said Rockstar2FA went silent in November 2024
  • But shortly afterwards a new PaaS emerged, with partly overlapping infrastructure
  • The new PaaS is called FlowerStorm and focuses on Microsoft 365 accounts

Cybersecurity researchers from Sophos have warned that a new Phishing-as-a-Service (PaaS) tool has emerged, making it easy for threat actors to prey on people’s Microsoft 365 credentials.

This tool is called FlowerStorm and could have evolved from the (defunct) Rockstar2FA, the company revealed, noting that in November, detections for Rockstar2FA had “suddenly gone silent.”