A recent report has raised concerns about a previously unknown threat actor known as “W3LL” who has been operating a large-scale phishing operation. This individual has apparently played a significant role in compromising Microsoft 365 business email accounts in recent years.
In addition to their involvement in email compromise, the threat actor also operated a hidden underground market called the “W3LL Store.” This market offered a phishing kit called the “W3LL Panel” as well as 16 other customized tools that could be used for Business Email Compromise (BEC) attacks.
According to sources in the cybersecurity community, W3LL has been active since 2017. Their first tool, the W3LL SMTP Sender, was used for bulk email spam. Since then, they have developed their own version of a phishing kit tailored specifically to target corporate Microsoft 365 accounts. In 2018, they launched the W3LL Store, which has reportedly attracted over 500 active users and sold more than 3,800 items. It is estimated that the revenue generated by W3LL over the past 10 months alone has reached half a million dollars.
The W3LL Panel, their most prominent tool, is considered one of the most advanced phishing kits available. It boasts features such as adversary-in-the-middle functionality, API integration, and source code protection. Many sophisticated threat actors have reportedly subscribed to the W3LL Panel’s three-month subscription plan, which costs $500. The high efficiency and advanced capabilities of this tool make it a popular choice among cybercriminals.
It has been discovered that more than 850 unique websites can be linked to the W3LL Panel. Threat actors have used this tool to launch BEC attacks, targeting over 56,000 corporate Microsoft 365 business accounts. Shockingly, more than 8,000 of these accounts, or approximately 14.3%, were compromised as a result of these attacks.
Group-IB, a leading cybersecurity company, has released a comprehensive report on the activities of the W3LL threat actor. This report provides detailed information about the tools sold by W3LL, indicators of compromise, the geography of their operations, and more. It also emphasizes the importance of staying updated with the latest changes in the tactics, techniques, and procedures (TTPs) employed by W3LL as the threat actor regularly updates its tools, adds new functionalities, and improves anti-detection mechanisms.
In light of this latest revelation, it is crucial for individuals and organizations to remain vigilant and take necessary precautions to protect their Microsoft 365 and email accounts. Cybersecurity experts recommend implementing strong authentication methods, regularly updating security software, and staying informed about emerging threats in order to reduce the risk of falling victim to phishing attacks.
By staying informed and adopting necessary security measures, individuals and organizations can significantly enhance their resilience against cyber threats and reduce the likelihood of being targeted by threat actors like W3LL.
