Microsoft removes hundreds of malicious websites used in phishing attacks
- The Microsoft Digital Crimes Unit has seized 240 fraudulent sites
- The sites were used by ONNX to sell phishing templates
- Phishing attacks target millions of users per month
Millions of phishing emails targeting victims every day use ‘do-it-yourself’ phishing kits developed by Egypt-based ONNX – but the Microsoft Digital Crimes Unit has now seriously disrupted this operation by seizing 240 fraudulent websites used to sell Phishing-as-a-Service (PaaS) kits.
Phishing poses a real threat to both individuals and organizations, with successful phishing attacks causing devastating financial and data losses. Cybercriminals have taken this even further by developing ‘kits’ that they can sell to other criminals to help develop widespread phishing campaigns and bypass security measures by intercepting MFA requests.
The attacks resulting from the ‘do-it-yourself’ kits represent a significant portion of the tens of millions of phishing attacks that Microsoft accounts receive every month. The ONNX operation is among the top five phishing kit providers by email volume in 2024, according to Microsoft’s digital defense reports, so the disruption is significant.
Name and shame
Microsoft has decided to publicly name the person behind the storefront, Abanoub Nady (known online as “MRxC0DER”), who has been associated with the operation since 2017 and is well established in the PaaS sphere.
ONNX offers a tiered subscription service with Basic, Professional and Enterprise plans, which are promoted, sold and configured through Telegram. The operation even provides ‘how to’ videos so that criminals can implement the phishing kits properly.
Many of the kits used a technique called ‘quishing’, or QR code phishing, which requires users to scan codes before being redirected to malicious fake websites to enter personal or payment details.
“As we have said before: no disruption is complete in one action. Effectively combating cybercrime requires perseverance and continued vigilance to disrupt new malicious infrastructure,” said Steven Masada, Assistant General Counsel, Microsoft’s Digital Crimes Unit.
“While today’s legal actions will materially hinder the activities of rogue ONNX, other providers will fill the void, and we expect threat actors will adapt their techniques in response.”