ONNX phishing service targets Microsoft 365 accounts at financial firms
A new phishing-as-a-service platform called ONNX Store is targeting the Microsoft 365 accounts of employees at financial firms using QR codes in PDF attachments.
Researchers at EclecticIQ who discovered the activity believe that ONNX is a rebranded version of the Caffeine phishing kit managed by the Arabic-speaking threat actor MRxC0DER. Mandiant discovered Caffeine in October 2022, when the platform targeted Russian and Chinese platforms instead of Western services.
EclecticIQ observed ONNX attacks in February 2024, distributing phishing emails with PDF attachments containing malicious QR codes that targeted employees at banks, credit union service providers, and private funding firms.
Scanning the QR code on a mobile device bypasses phishing protections at the targeted organizations, taking victims to phishing pages that mimic the legitimate Microsoft 365 login interface.
The Microsoft Office 365 phishing templates are customizable, and webmail services are available for sending phishing emails to targets.
All in all, ONNX Store is a dangerous threat for Microsoft 365 account holders, especially for companies engaged in the broader financial services sectors.