ONNX' MFA Bypass Targets Microsoft 365 Accounts

A sophisticated phishing-as-a-service (PhaaS) operation called ONNX Store is targeting Microsoft 365 accounts within financial firms using advanced tactics such as 2FA bypass, QR codes, and typosquatting, according to EclecticIQ researchers. The campaign, detected in February, employs QR codes in PDF attachments to direct victims to phishing URLs, specifically targeting banks and financial institutions across the Americas and EMEA regions. The ONNX platform, accessible via Telegram bots, uses encrypted JavaScript for 2FA interception and real-time data capture through WebSockets, enhancing attack efficiency and evasion. The operation shares similarities with the Caffeine phishing kit, suggesting potential rebranding or collaboration with the Arabic-speaking threat actor MRxC0DER.

ONNX' MFA Bypass Targets Microsoft 365 Accounts

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

ONNX' MFA Bypass Targets Microsoft 365 Accounts

19-June-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address