W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA

A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts.
Over ten months, security researchers found that W3LL's utilities and infrastructure were used to set up about 850 phishing sites that targeted credentials for more than 56,000 Microsoft 365 accounts.
"W3LL's major weapon, W3LL Panel, may be considered one of the most advanced phishing kits in class, featuring adversary-in-the-middle functionality, API, source code protection, and other unique capabilities" - Group-IB. W3LL arsenal for BEC attacks.
This is the W3LL Panel phishing page ready to collect Microsoft 365 account credentials.
Group-IB researchers explain that the initial link in a phishing lure does not lead to the fake Microsoft 365 login page in the W3LL Panel; it is only the start of a redirect chain intended to prevent the discovery of W3LL Panel phishing pages.
To compromise a Microsoft 365 account, W3LL uses the adversary/man-in-the-middle technique, in which communication between the victim and the Microsoft server passes through the W3LL Panel and the W3LL Store, which acts as a backend system.
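A defender-side heuristic for the proxied sign-in described above, added here as an example that is not from Group-IB or the original article: it flags any session whose later activity comes from a different IP address or user agent than the sign-in that satisfied MFA. It assumes a session established through a proxy is later reused from another client; the event schema, field names and sample records are constructed for illustration and follow no particular product's log format.

```python
# Constructed sample events (hypothetical schema, documentation-range IPs).
EVENTS = [
    {"ts": 100, "user": "alice@example.com", "session": "s-1",
     "event": "mfa_signin", "ip": "198.51.100.7", "ua": "Chrome/116 Windows"},
    {"ts": 160, "user": "alice@example.com", "session": "s-1",
     "event": "mail_read", "ip": "198.51.100.7", "ua": "Chrome/116 Windows"},
    {"ts": 200, "user": "bob@example.com", "session": "s-2",
     "event": "mfa_signin", "ip": "203.0.113.20", "ua": "Chrome/116 Windows"},
    {"ts": 290, "user": "bob@example.com", "session": "s-2",
     "event": "mail_read", "ip": "192.0.2.55", "ua": "Firefox/117 Linux"},
    {"ts": 300, "user": "bob@example.com", "session": "s-2",
     "event": "inbox_rule_created", "ip": "192.0.2.55", "ua": "Firefox/117 Linux"},
    # Activity on a session with no recorded MFA sign-in: nothing to compare.
    {"ts": 310, "user": "carol@example.com", "session": "s-3",
     "event": "mail_read", "ip": "198.51.100.9", "ua": "Edge/116 Windows"},
]


def find_session_reuse(events):
    """Report sessions used from a client other than the one that passed MFA."""
    origin = {}      # session -> (ts, ip, ua) of the MFA-satisfying sign-in
    flagged = set()  # sessions already reported, so each appears once
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid = e["session"]
        if e["event"] == "mfa_signin":
            origin.setdefault(sid, (e["ts"], e["ip"], e["ua"]))
            continue
        if sid not in origin or sid in flagged:
            continue
        signin_ts, signin_ip, signin_ua = origin[sid]
        if (e["ip"], e["ua"]) != (signin_ip, signin_ua):
            flagged.add(sid)
            findings.append({
                "user": e["user"],
                "session": sid,
                "signin_client": (signin_ip, signin_ua),
                "reuse_client": (e["ip"], e["ua"]),
                "first_mismatched_event": e["event"],
                "seconds_after_signin": e["ts"] - signin_ts,
            })
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(EVENTS):
        print(finding)
```

Legitimate network changes (VPN, mobile roaming) also trip this check, so a hit is a lead to triage alongside other signals rather than a verdict.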