Security News > 2023 > September > W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

A previously undocumented "Phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years.

"The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise attacks," Group-IB said in a report shared with The Hacker News.

The phishing infrastructure is estimated to have targeted more than 56,000 corporate Microsoft 365 accounts and compromised at least 8,000 of them, primarily in the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy between October 2022 and July 2023, netting its operators $500,000 in illicit profits.

The Singapore-headquartered cybersecurity company has described W3LL as an all-in-one phishing instrument that offers an entire spectrum of services ranging from custom phishing tools to mailing lists and access to compromised servers, underscoring the upward trend of phishing-as-a-service platforms.

BEC attacks leveraging the W3LL phishing kit entail a preparatory phase to validate email addresses using an auxiliary utility referred to as LOMPAT and deliver the phishing messages.

"What really makes W3LL Store and its products stand out from other underground markets is the fact that W3LL created not just a marketplace but a complex phishing ecosystem with a fully compatible custom toolset that covers almost entire killchain of BEC and can be used by cybercriminals of all technical skill levels," Group-IB's Anton Ushakov said.

News URL

https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html