W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts.
In ten months, security researchers discovered that W3LL's utilities and infrastructure were used to set up about 850 phishing sites that targeted credentials for more than 56,000 Microsoft 365 accounts.
"W3LL's major weapon, W3LL Panel, may be considered one of the most advanced phishing kits in class, featuring adversary-in-the-middle functionality, API, source code protection, and other unique capabilities" - Group-IB. W3LL arsenal for BEC attacks.
This is the W3LL Panel phishing page ready to collect Microsoft 365 account credentials.
Group-IB researchers explain that the initial link in a phishing lure does not lead to the fake Microsoft 365 login page in the W3LL Panel. It is only the start of a redirect chain intended to prevent the discovery of W3LL Panel phishing pages.
To compromise a Microsoft 365 account, W3LL uses the adversary-in-the-middle (also called man-in-the-middle) technique, in which communication between the victim and the Microsoft server passes through the W3LL Panel, with the W3LL Store acting as a backend system.
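Because the Microsoft side of an adversary-in-the-middle exchange sees the relay rather than the victim, sign-in records are a natural place to look for it. The sketch below is an added example, not code from the article or from Group-IB: it flags two indicators in sign-in events. The record schema, the per-user baseline and the sample events are constructed, and the second indicator assumes a captured session is later used from a different network.

```python
# Constructed sign-in records; the field names are a hypothetical schema,
# not the format of any real Microsoft 365 log. ASNs and IPs are from
# documentation ranges.
BASELINE_ASNS = {"alice@example.com": {64500}, "bob@example.com": {64501}}

EVENTS = [
    # bob: MFA and later activity from his usual network
    {"ts": 1, "user": "bob@example.com", "session": "s-1",
     "ip": "192.0.2.10", "asn": 64501, "mfa": True},
    {"ts": 2, "user": "bob@example.com", "session": "s-1",
     "ip": "192.0.2.10", "asn": 64501, "mfa": False},
    # alice: MFA completed via an unfamiliar network, session then used elsewhere
    {"ts": 3, "user": "alice@example.com", "session": "s-2",
     "ip": "198.51.100.7", "asn": 64510, "mfa": True},
    {"ts": 4, "user": "alice@example.com", "session": "s-2",
     "ip": "203.0.113.5", "asn": 64511, "mfa": False},
    {"ts": 5, "user": "alice@example.com", "session": "s-2",
     "ip": "203.0.113.5", "asn": 64511, "mfa": False},
]

def flag_aitm_indicators(events, baseline):
    """Return sorted (user, session, indicator, ip) tuples for two AitM signals."""
    mfa_origin = {}   # session id -> event that satisfied MFA
    findings = set()  # a set de-duplicates repeated hits from the same address
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid, user = ev["session"], ev["user"]
        if ev["mfa"] and sid not in mfa_origin:
            mfa_origin[sid] = ev
            # Signal 1: MFA was satisfied from a network this user never uses,
            # which is where a relay's connection to the server would appear.
            if ev["asn"] not in baseline.get(user, set()):
                findings.add((user, sid, "mfa_from_unfamiliar_asn", ev["ip"]))
        elif sid in mfa_origin and ev["asn"] != mfa_origin[sid]["asn"]:
            # Signal 2: the authenticated session is later used from a
            # different network than the one that completed MFA.
            findings.add((user, sid, "session_used_from_other_asn", ev["ip"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in flag_aitm_indicators(EVENTS, BASELINE_ASNS):
        print(finding)
```

Both signals also fire for legitimate travel or VPN use, so they are triage inputs rather than verdicts.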