Security News > 2024 > June > ONNX phishing service targets Microsoft 365 accounts at financial firms
A new phishing-as-a-service platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments.
Researchers at EclecticIQ who discovered the activity believe that ONNX is a rebranded version of the Caffeine phishing kit managed by the Arabic-speaking threat actor MRxC0DER. Mandiant discovered caffeine in October 2022, when the platform targeted Russian and Chinese platforms instead of Western services.
EclecticIQ observed ONNX attacks in February 2024, distributing phishing emails with PDF attachments containing malicious QR codes that targeted employees at banks, credit union service providers, and private funding firms.
Scanning the QR code on a mobile device bypasses phishing protections on the targeted organizations, taking victims to phishing pages that mimic the legitimate Microsoft 365 login interface.
The Microsoft Office 365 phishing templates are customizable, and webmail services are available for sending phishing emails to targets.
All in all, ONNX Store is a dangerous threat for Microsoft 365 account holders, especially for companies engaged in the broader financial services sectors.
News URL
Related news
- Microsoft 365 anti-phishing feature can be bypassed with CSS (source)
- Microsoft 365 anti-phishing alert “erased” with one simple trick (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot (source)
- Microsoft Sway abused in massive QR code phishing campaign (source)
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials (source)
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns (source)
- Copilot for Microsoft 365 might boost productivity if you survive the compliance minefield (source)
- Microsoft fixes bug crashing Microsoft 365 apps when typing (source)