An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. Rockstar2FA was first documented by Trustwave late last month as a PhaaS service that allows criminal actors to launch phishing attacks that are capable of harvesting Microsoft 365 account credentials and session cookies, thereby circumventing multi-factor authentication (MFA) protections.

‍