Identity, Phishing

Financial orgs subjected to attacks with new ONNX phishing service

Malicious e-mails pelting inboxes hit all-time high in Q1, 2023

Organizations in the financial sector had their employees' Microsoft 365 accounts targeted with an attack campaign involving the novel ONNX phishing-as-a-service platform, which is believed to be a rebrand of the Caffeine phishing kit, since February, BleepingComputer reports.

Attackers impersonated human resources departments in malicious emails purporting to be about salary updates containing PDF attachments with QR codes, which when scanned redirect targets to fake Microsoft 365 login pages without being flagged by phishing protections, according to a report from EcleticIQ. Inputted login credentials and two-factor authentication tokens on the phishing page are then exfiltrated by attackers, who will then leverage the data to facilitate email account hijacking and data theft activities. Aside from featuring customizable Microsoft Office 365 phishing templates and an array of webmail services, the ONNX PhaaS platform — which is operated via Telegram — also ensured detection evasion through the utilization of encrypted JavaScript code, Cloudflare services, and a bulletproof hosting service, said researchers.

An In-Depth Guide to Identity

Get essential knowledge and practical strategies to fortify your identity security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds