Microsoft, Meta, and DoJ Tackle Global Cybercrime and Fraud Networks
Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have each announced independent actions to combat cybercrime and disrupt services that facilitate scams, fraud, and phishing attacks.
Microsoft's Digital Crimes Unit (DCU) reported seizing 240 fraudulent websites associated with an Egypt-based cybercriminal named Abanoub Nady (also known as MRxC0DER and mrxc0derii). Nady sold a phishing kit called ONNX, which has been in operation since 2017.
"Numerous cybercriminals and online threat actors purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and break into Microsoft customer accounts," said Steven Masada of Microsoft DCU. He highlighted that while all sectors are at risk, the financial services industry is particularly targeted because of the sensitive data and transactions it handles.
ONNX, offered under the phishing-as-a-service (PhaaS) model for between $150 per month and $550 for six months, was documented by EclecticIQ in June. The phishing kit can serve QR codes embedded within PDF files, directing victims to fake Microsoft 365 login pages. Because the link is encoded in an image rather than written as text, URL-rewriting and link-scanning controls in the mail gateway do not see it, and the victim typically scans the code with a personal phone that sits outside the corporate browser's protections.
Nady's identity was exposed by DarkAtlas around the same time, leading to the cessation of his activities. Microsoft has been tracking him under the moniker Storm-0867. The U.S. Financial Industry Regulatory Authority (FINRA) also issued an alert, warning that the ONNX kit targets financial institutions and can bypass two-factor authentication (2FA) by intercepting 2FA requests: the phishing page relays the victim's credentials and one-time code or push approval to the real login service in real time, an adversary-in-the-middle (AiTM) technique, and the attacker walks away with the authenticated session cookie. Code- and push-based 2FA are defeated this way; phishing-resistant methods such as FIDO2 security keys and passkeys are not, because the authenticator binds its response to the legitimate origin and will not answer the proxy's domain.
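One check this suggests for defenders, written here as an added example and not code from Microsoft, EclecticIQ, FINRA or the ONNX kit: an AiTM proxy completes MFA from the attacker's relay and the stolen cookie is then replayed from wherever the attacker browses, so the network that satisfied MFA and the network that later presents the session usually differ within minutes. The sign-in record layout, the IP addresses (RFC 5737 test ranges), the ASNs (reserved documentation values) and the 30-minute window are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SignIn:
    """One authentication event, shaped like an identity provider's sign-in log (constructed)."""
    user: str
    ts: datetime
    ip: str
    asn: int          # autonomous system of the source IP (documentation ASNs in the sample)
    session_id: str   # identifier of the session cookie / refresh token issued or presented
    mfa_done: bool    # True when interactive MFA was completed in this event


def find_aitm_replays(events, window=timedelta(minutes=30)):
    """Return (user, session_id, mfa_ip, replay_ip) for each session whose cookie was
    presented from a different ASN than the one that completed MFA, within `window`.

    Heuristic (assumed, not an identity provider's built-in rule): in an AiTM attack the
    cookie is issued to the relay that proxied the MFA step and is then reused from the
    attacker's own browser, so the issuing and using networks differ shortly afterwards.
    """
    by_session = {}
    for e in events:
        by_session.setdefault(e.session_id, []).append(e)

    findings = []
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: e.ts)
        anchor = next((e for e in evs if e.mfa_done), None)
        if anchor is None:
            continue  # no MFA completion in this session; nothing to compare against
        for e in evs:
            if e.ts <= anchor.ts:
                continue
            if e.ts - anchor.ts > window:
                break  # events are sorted, so everything after this is also outside the window
            if e.asn != anchor.asn:
                findings.append((e.user, sid, anchor.ip, e.ip))
                break  # one finding per session is enough for triage
    return findings


# Constructed sample log: RFC 5737 test addresses, reserved documentation ASNs.
T0 = datetime(2024, 11, 21, 9, 0)
SAMPLE = [
    # alice: MFA completed via the relay, same session cookie presented 4 minutes later
    # from a different network -> flagged
    SignIn("alice", T0, "203.0.113.5", 64496, "sess-a1", True),
    SignIn("alice", T0 + timedelta(minutes=4), "198.51.100.77", 64500, "sess-a1", False),
    # bob: MFA and follow-up requests from the same network -> benign
    SignIn("bob", T0, "203.0.113.9", 64496, "sess-b1", True),
    SignIn("bob", T0 + timedelta(minutes=10), "203.0.113.9", 64496, "sess-b1", False),
    # carol: different network, but 3 hours later, outside the window -> not flagged here
    SignIn("carol", T0, "203.0.113.20", 64496, "sess-c1", True),
    SignIn("carol", T0 + timedelta(hours=3), "192.0.2.44", 64501, "sess-c1", False),
]

if __name__ == "__main__":
    for user, sid, mfa_ip, replay_ip in find_aitm_replays(SAMPLE):
        print(f"possible AiTM replay: user={user} session={sid} "
              f"mfa_from={mfa_ip} reused_from={replay_ip}")
```

Comparing ASNs rather than raw IPs avoids flagging every carrier-grade NAT address change; a phone moving from office Wi-Fi to cellular will still trip the rule, so treat a hit as a triage lead and pair it with revocation of the session rather than a password reset alone, since the attacker holds a valid cookie, not the password.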
Microsoft revealed that the PhaaS platform also went by other names like Caffeine and FUHRER, allowing users to conduct large-scale phishing campaigns. These kits, promoted and sold primarily through Telegram, included phishing templates and the necessary technical infrastructure. Microsoft obtained a civil court order in the Eastern District of Virginia to neutralize this infrastructure, preventing further use of these domains for phishing attacks.
Microsoft's co-plaintiff in this legal action is LF (Linux Foundation) Projects, LLC, the trademark owner of ONNX (Open Neural Network Exchange), an open-source interchange format for machine learning models whose name the phishing kit appropriated.
In a related development, the DoJ announced the shutdown of PopeyeTools, a marketplace for stolen credit cards and other tools for financial fraud. Charges were unsealed against three administrators from Pakistan and Afghanistan: Abdul Ghaffar, 25; Abdul Sami, 35; and Javed Mirza, 37.