Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker

The kits, which the company said were a sophisticated approach to bypassing multifactor authentication, pose a particular threat to the financial services sector.
An Egyptian Fisherman holds a fishing net on the waters of the Pharaonic Sea in the village of Kafr Fisha, province of Monufia, in 2019. (MOHAMED EL-SHAHED/AFP via Getty Images)

Microsoft obtained a court order allowing it to seize 240 websites it says are linked to an Egypt-based seller of do-it-yourself phishing kits used to break into the tech giant’s user accounts, the company said Thursday.

The kit-maker, Abanoub Nady — known online as MRxC0DER — sold the services under the brand name ONNX, a trademark owned by the Linux Foundation. The Linux Foundation is a co-plaintiff in the civil court order unsealed in the Eastern District of Virginia, as detailed in a Microsoft blog post.

Microsoft said the kits represent a sophisticated threat meant to short-circuit multifactor authentication — one of the most touted cyber defense precautions — through an “adversary in the middle” approach.

“AiTM phishing attacks — where attackers secretly inject themselves in network communications to steal credentials and cookies used to authenticate users’ identity — have become highly favored, if not the ‘go-to’ method used by malicious actors to bypass the additional protections of Multifactor Authentication (MFA) defenses,” wrote Steven Masada, assistant general counsel in the Digital Crimes Unit.

The kits pose a particular danger to one sector, Masada said.

“While all sectors are at risk, the financial services industry has been heavily targeted given the sensitive data and transactions they handle,” he wrote. “In these instances, a successful phish can have devastating real-world consequences for the victims. It can result in the loss of significant amounts of money, including life savings, which, once stolen, can be very difficult to recover.”

Microsoft has, for many years, sought court orders with the intention of disrupting hacking threats by seizing websites and domains. It acknowledges that the court orders don’t put the culprits out of business, but can deal them a setback that costs them time and money to rebuild.

MRxC0DER has also drawn the attention of threat researchers for the past couple of years, with a particular emphasis on the targeting of Microsoft 365 users, first through the since-defunct “Caffeine” phishing-as-a-service and more recently through the fraudulent ONNX service.

“We encourage organizations who find themselves in a position to fight one element of a cybercrime problem to identify ways to collaborate and build a stronger collective response,” the Linux Foundation said in a statement. 