Microsoft shuts down Egyptian scam operation targeting global users

Published November 22nd, 2024 - 12:03 GMT

ALBAWABA - Microsoft has shut down a large-scale cybercrime operation by seizing 240 fraudulent websites linked to an Egyptian entity that sold do-it-yourself (DIY) phishing kits. Criminals used these kits to run sophisticated phishing attacks that stole user credentials and sidestepped key security controls such as multifactor authentication (MFA).

Abanoub Nady, known online as "MRxC0DER," was identified by the tech giant's Digital Crimes Unit (DCU) as the alleged mastermind of the operation, according to a Microsoft blog post. Nady marketed and sold the phishing tools through online storefronts under the ONNX name, a brand that legitimately belongs to the Linux Foundation.

The scheme appears to have been operating since 2017, and in the first half of 2024 it ranked among the top five phishing kit suppliers by email volume, accounting for a significant share of the millions of phishing attempts that Microsoft detects each month.

The seized kits made it easy to carry out "adversary-in-the-middle" (AiTM) attacks, in which a look-alike site sits between the victim and the legitimate sign-in page, relays the login in real time, and captures both the password and the authentication cookie issued once the victim has completed MFA. Cybercriminals increasingly favor this technique because it lets them bypass multifactor authentication, which Microsoft notes is a crucial component of modern cybersecurity.
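Because an AiTM kit relays the victim's MFA and then replays the resulting cookie from the attacker's own infrastructure, the tell-tale sign in a sign-in log is a session that was minted with MFA from one network and presented shortly afterwards from a different one. The following detector is an added example, not code from the article, from Microsoft, or from any real product; it assumes a simplified, constructed log format (timestamp, user, session identifier standing in for the authentication cookie, client IP, ASN, and whether MFA was satisfied on that request) and flags any session whose cookie is reused from a different ASN within a configurable window of its MFA event.

```python
"""Heuristic detector for AiTM-style session-cookie replay.

Added example only. The log format, field names and sample data below are
constructed for illustration and do not correspond to any vendor's real
sign-in log schema.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    session_id: str   # stand-in for the authentication cookie
    ip: str
    asn: int          # autonomous system the client IP belongs to
    mfa: bool         # True if MFA was satisfied on this request


# Constructed sample sign-in log (not real data). Field order:
# timestamp | user | session id | client IP | ASN | MFA satisfied (yes/no)
SAMPLE_LOG = """\
2024-11-20 09:00:00|alice|sess-A1|203.0.113.10|64500|yes
2024-11-20 09:02:30|alice|sess-A1|198.51.100.7|64501|no
2024-11-20 09:05:00|bob|sess-B7|192.0.2.44|64502|yes
2024-11-20 09:30:00|bob|sess-B7|192.0.2.45|64502|no
2024-11-20 10:00:00|carol|sess-C3|203.0.113.99|64500|no
2024-11-20 11:00:00|dave|sess-D9|203.0.113.5|64500|yes
2024-11-22 11:00:00|dave|sess-D9|198.51.100.20|64501|no
"""


@dataclass(frozen=True)
class Finding:
    session_id: str
    user: str
    minted_asn: int
    replay_asn: int
    replay_ip: str
    minutes_after_mfa: float


def parse_log(text: str) -> list[SignIn]:
    """Parse the constructed pipe-separated format into SignIn records, oldest first."""
    events: list[SignIn] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, sid, ip, asn, mfa = line.split("|")
        events.append(
            SignIn(
                ts=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                user=user,
                session_id=sid,
                ip=ip,
                asn=int(asn),
                mfa=(mfa == "yes"),
            )
        )
    return sorted(events, key=lambda e: e.ts)


def find_replayed_sessions(
    events: list[SignIn], window: timedelta = timedelta(hours=1)
) -> list[Finding]:
    """Flag sessions whose MFA-minted cookie is presented from another ASN within `window`.

    The first MFA-satisfying request for a session is treated as the event that
    minted the cookie. Any later request for the same session from a different
    ASN inside the window is reported once. Sessions that never completed MFA
    have no baseline and are ignored by this rule.
    """
    minted: dict[str, SignIn] = {}
    flagged: set[str] = set()
    findings: list[Finding] = []
    for ev in events:
        origin = minted.get(ev.session_id)
        if origin is None:
            if ev.mfa:
                minted[ev.session_id] = ev
            continue
        if ev.session_id in flagged:
            continue
        if ev.asn != origin.asn and ev.ts - origin.ts <= window:
            findings.append(
                Finding(
                    session_id=ev.session_id,
                    user=ev.user,
                    minted_asn=origin.asn,
                    replay_asn=ev.asn,
                    replay_ip=ev.ip,
                    minutes_after_mfa=(ev.ts - origin.ts).total_seconds() / 60,
                )
            )
            flagged.add(ev.session_id)
    return findings


if __name__ == "__main__":
    for f in find_replayed_sessions(parse_log(SAMPLE_LOG)):
        print(f)
```

On the sample data only sess-A1 is flagged: alice completed MFA from AS64500 and the same cookie appeared from AS64501 two and a half minutes later, which is exactly the shape an AiTM relay produces. bob's move to a second IP inside the same ASN and dave's ASN change two days later are left alone. An ASN change is a coarse signal; VPN users and mobile roaming will trigger it, so in production this belongs in a triage queue alongside the identity provider's own risk signals rather than as an automatic block.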

Together with the Linux Foundation, Microsoft obtained a court order from the Eastern District of Virginia transferring the malicious domains to Microsoft's control, cutting the phishing operation off from the infrastructure it depended on.

Although the court order does not eliminate the threat entirely, it is a serious setback for the operators, who are forced to rebuild their infrastructure from scratch.

The Linux Foundation, a co-plaintiff in the case, issued a statement underlining the importance of collective action against cyber threats: "We encourage organizations to collaborate and build stronger collective defenses."
