Unveiling the Secret Phishing Empire Attacking Microsoft 365 Business Emails
- An unknown “phishing empire” has been attacking Microsoft 365 business email accounts for the past six years.
- The cybercriminal created a secretive marketplace called W3LL Store for a closed community of at least 500 threat actors.
- These threat actors could buy a customized phishing kit named W3LL Panel, designed to dodge Multi-Factor Authentication (MFA), along with 16 other shady services.
A Hidden Threat Exposed: The Phishing Empire’s Reign Over Microsoft 365
Like finding Waldo in a sea of distracting patterns, cybersecurity teams have finally spotted an elusive “phishing empire” that’s been playing ‘phish and chips’ with Microsoft 365 business email accounts for over half a decade. You could say they had the ultimate “gone phishin’” sign up for an alarmingly long time.
The Secretive Cyber Crime Marketplace: W3LL Store
Imagine an exclusive club, but this isn’t for people trying to glitz up their social calendars. The W3LL Store is a covert marketplace for cybercriminal activities, catering to a closed community of no less than 500 techno-villains. These villains aren’t looking for a cool DJ and delicious hors d’oeuvres, rather they prefer phishing kits and shady digital services.
W3LL Panel: A Phishing Kit That Sneaks Past MFA
When you think kits, you probably picture hobby models or DIY craft sets. But W3LL Panel is a far cry from these innocent pastimes. This customized phishing kit, sold in the W3LL Store, is designed to bypass Multi-Factor Authentication, similar to a master key cracker. It’s like a Swiss army knife for cybercriminals – but with fewer bottle openers and more wreaking havoc!
To sum it all up, a previously unidentified phishing empire has been exposed for launching cyber attacks aimed at Microsoft 365 business email accounts for quite a few years. Their shenanigans included running a hidden underground market, the W3LL Store, that served hundreds of threat actors. These actors could buy a custom phishing kit, the W3LL Panel, designed to bypass MFA and carry out more nefarious activities. It’s like a digital ‘Murder Incorporated’, but instead of organized crime, they’re organizing spam!
Original Article: https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html