Security News > 2024 > June > ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments.
Researchers at EclecticIQ who discovered the activity believe that ONNX is a rebranded version of the Caffeine phishing kit managed by the Arabic-speaking threat actor MRxC0DER. Mandiant discovered caffeine in October 2022, when the platform targeted Russian and Chinese platforms instead of Western services.
EclecticIQ observed ONNX attacks in February 2024, distributing phishing emails with PDF attachments containing malicious QR codes that targeted employees at banks, credit union service providers, and private funding firms.
Scanning the QR code on a mobile device bypasses phishing protections on the targeted organizations, taking victims to phishing pages that mimic the legitimate Microsoft 365 login interface.
The Microsoft Office 365 phishing templates are customizable, and webmail services are available for sending phishing emails to targets.
All in all, ONNX Store is a dangerous threat for Microsoft 365 account holders, especially for companies engaged in the broader financial services sectors.
News URL
Related news
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Massive botnet hits Microsoft 365 accounts (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft links recent Microsoft 365 outage to buggy update (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft 365 apps will prompt users to back up files in OneDrive (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)