Microsoft slaps down Egyptian-run rent-a-phish operation

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up

slaps down Egyptian-run rent-a-phish operation

This is the hidden content, please

• Sign In
• or
• Sign Up

(DCU) has scored a major win against the cyber ********* underworld after leading an operation to seize 240 fraudulent websites used by an Egyptian national – named today as Abanoub Nady – who sold do-it-yourself phishing kits under the brand name

This is the hidden content, please

• Sign In
• or
• Sign Up

to less adept crooks.

Nady, who used the handle MRxD0DER, both developed and sold the

This is the hidden content, please

• Sign In
• or
• Sign Up

kits, which were used in multiple campaigns against

This is the hidden content, please

• Sign In
• or
• Sign Up

customers in various sectors, although it is understood that the financial services industry was the most heavily targeted.

The DCU believes that emails originating from the ONNX ‘family of products’ made up a significant portion of the tens to hundreds of millions of phishes caught in

This is the hidden content, please

• Sign In
• or
• Sign Up

’s nets every month – it was likely among the top five such ops globally.

Redmond said that in targeting ONNX, it was disrupting the illicit cyber ********* supply chain and protecting customers from downstream threats such as ******, data theft, and ransomware.

“This action builds on the DCU’s strategy of disrupting the broader cyber ********* ecosystem and targeting the tools cyber ********** use to launch their attacks,”

This is the hidden content, please

• Sign In
• or
• Sign Up

.

“Our goal in all cases is to protect customers by severing bad actors from the infrastructure required to operate and to deter future cyber ********* behaviour by significantly raising the barriers of entry and the cost of doing business. 

“We are joined by co-plaintiff LF (Linux Foundation) Projects, LLC, the trademark owner of the actual registered ONNX name and logo. ONNX or

This is the hidden content, please

• Sign In
• or
• Sign Up

is an open standard format and open source runtime for representing machine learning models, enabling interoperability between different hardware, frameworks, and tools for easier deployment and scalability,” he said.

“Together, we are taking affirmative action to protect online users globally rather than standing idly by while malicious actors illegally use our names and logos to enhance the perceived legitimacy of their attacks.”

Masada said that the DCU had unilaterally opted to name Nady to serve as a further deterrent to others.

A spokesperson for the

This is the hidden content, please

• Sign In
• or
• Sign Up

said: “At the Linux Foundation, we advocate collaboration as a powerful tool for tackling complex challenges. Today, we celebrate our recent collaboration with

This is the hidden content, please

• Sign In
• or
• Sign Up

to defend millions of individuals and organisations from a global phishing-as-a-service ********* operation. We encourage organisations who find themselves in a position to ****** one element of a cyber ****** problem to identify ways to collaborate and build a stronger collective response.”

This is the hidden content, please

• Sign In
• or
• Sign Up

on the case

Recent months have seen

This is the hidden content, please

• Sign In
• or
• Sign Up

in sophisticated adversary-in-the-middle (AitM) phishing attacks such as those orchestrated through ONNX in recent months, notably

This is the hidden content, please

• Sign In
• or
• Sign Up

– phishing using malicious QR codes.

However,

This is the hidden content, please

• Sign In
• or
• Sign Up

’s action against ONNX is in fact the result of a lengthy investigation dating back to 2017. Over the years, said

This is the hidden content, please

• Sign In
• or
• Sign Up

, it has tracked various of Nady’s ‘enterprises’ including other phishing operations known as Caffeine and FUHRER.

All of his kits were designed to send emails at scale in coordinated campaigns, and ONNX was sold on a subscription-based model with various tiers of access and support, even a VIP tier for the most discerning **********, who benefited from round-the-clock tech support offering step-by-step guidance.

ONNX was mostly promoted, sold and configured via the Telegram messaging platform, alongside demonstration videos. Once bought, customers were able to orchestrate attacks using the provided templates and the fraudulent ONNX technical infrastructure, where they were allowed to connect malicious domains obtained from elsewhere.

Under a civil court order, unsealed today in the Eastern District of Virginia,

This is the hidden content, please

• Sign In
• or
• Sign Up

has now taken over this technical infrastructure, putting it beyond use for future attacks.

More to come

Unfortunately, observed Masada, while the DCU’s action will substantially disrupt ONNX, it is a certainty that other threat actors will fill the void, with adapted techniques.

“However, taking action sends a strong message to those who choose to replicate our services to harm users online: we will proactively pursue remedies to protect our services and our customers and are continuously improving our technical and legal strategies to have greater impact,” he said.

“Furthermore, as cyber ********** continue to evolve their methods, it is crucial for organisations and individuals to stay informed and vigilant. By understanding the tactics employed by cybercriminals and implementing robust security measures, we can collectively work towards a safer digital environment. Continued collaboration, like the partnership with LF Projects, ******** essential if we want to meaningfully dent the cyber threat landscape.”

This is the hidden content, please

• Sign In
• or
• Sign Up

#

This is the hidden content, please

• Sign In
• or
• Sign Up

#slaps #Egyptianrun #rentaphish #operation

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up