Microsoft has taken a significant step in the fight against cybercrime by seizing 240 domains belonging to ONNX, a phishing-as-a-service platform that has been targeting companies and individuals since 2017. According to Microsoft’s “Digital Defense Report 2024,” ONNX was identified as the top adversary-in-the-middle (AitM) phishing service, with a high volume of phishing messages sent out during the first half of this year. This operation was responsible for sending millions of phishing emails targeting Microsoft 365 accounts each month.
The ONNX platform operated by promoting and selling phishing kits on Telegram through a subscription-based model, with prices ranging from $150 to $550 per month. These kits were designed to target a variety of companies in the technology sector, including Google, Dropbox, Rackspace, and Microsoft, among others. Attacks run with the kits were controlled through Telegram bots, and the kits included built-in two-factor authentication (2FA) bypass mechanisms. In addition, the platform enabled QR code phishing, also known as quishing, targeting employees of financial firms.
Microsoft’s statement regarding the fraudulent ONNX operation highlighted its use of bulletproof hosting services to delay domain takedowns, as well as encrypted JavaScript code that self-decrypts, which makes the attacks difficult to detect and thwart. Despite the legal action taken to disrupt ONNX’s operations, Microsoft acknowledges that other threat actors may step in to fill the void, adapting their techniques in response. Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, emphasized the company’s commitment to proactively combatting online threats and continuously improving technical and legal strategies to safeguard its services and customers.
While the seizure of ONNX’s domains is a significant blow to the phishing-as-a-service platform, Microsoft remains vigilant in its efforts to protect users from cybercrime. The company has made the full list of the 240 seized domains available online, sending a strong message to those who engage in malicious activities online. By taking decisive action against threats like ONNX, Microsoft aims to deter others from replicating such services and harming users online.
In conclusion, Microsoft’s proactive measures against ONNX demonstrate the company’s dedication to enhancing cybersecurity and combating cybercrime. The disruption of this phishing-as-a-service platform serves as a warning to other threat actors and underscores the importance of collaboration between technology companies, law enforcement agencies, and cybersecurity experts in safeguarding digital assets and promoting online safety.