Microsoft obtained a court order allowing it to seize 240 websites it says are linked to an Egypt-based seller of do-it-yourself phishing kits used to break into the tech giant’s user accounts, the company said Thursday.

The kit-maker, Abanoub Nady (known online as MRxC0DER), sold the services under the brand name ONNX, a trademark owned by the Linux Foundation. The Linux Foundation is a co-plaintiff in the civil court order unsealed in the Eastern District of Virginia, as detailed in a Microsoft blog post.

Microsoft said the kits represent a sophisticated threat meant to short-circuit multifactor authentication — one of the most touted cyber defense precautions — through an “adversary in the middle” approach.

“AiTM phishing attacks — where attackers secretly inject themselves in network communications to steal credentials and cookies used to authenticate users’ identity — have become highly favored, if not the ‘go-to’ method used by malicious actors to bypass the additional protections of Multifactor Authentication (MFA) defenses,” wrote Steven Masada, assistant general counsel in the Digital Crimes Unit.

The kits pose a particular danger to one sector, Masada said.

“While all sectors are at risk, the financial services industry has been heavily targeted given the sensitive data and transactions they handle,” he wrote. “In these instances, a successful phish can have devastating real-world consequences for the victims. It can result in the loss of significant amounts of money, including life savings, which, once stolen, can be very difficult to recover.”

Microsoft has, for many years, sought court orders with the intention of disrupting hacking threats by seizing websites and domains. It acknowledges that the court orders don’t put the culprits out of business, but can deal them a setback that costs them time and money to rebuild.

MRxC0DER has drawn the attention of threat researchers for the past couple of years as well, with a particular emphasis on the targeting of Microsoft 365 users, first through the since-defunct “Caffeine” phishing-as-a-service, but more recently through the fraudulent ONNX service.

“We encourage organizations who find themselves in a position to fight one element of a cybercrime problem to identify ways to collaborate and build a stronger collective response,” the Linux Foundation said in a statement.

The post Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker appeared first on CyberScoop.
