Microsoft takes down hundreds of malicious websites used in phishing scams


  • The Microsoft Digital Crimes Unit has seized 240 fraudulent sites
  • The sites were used by ONNX to sell phishing templates
  • Phishing attacks target millions of users per month

Millions of phishing emails targeting victims every day use ‘do it yourself’ phishing kits developed by Egypt-based ONNX – but the Microsoft Digital Crimes Unit has now seriously disrupted this operation, seizing 240 fraudulent websites used to help sell Phishing-as-a-Service (PaaS) kits.

Phishing poses a real threat to individuals and organizations alike, with successful phishing attacks delivering devastating financial and data loss. Cybercriminals have taken this further by developing ‘kits’ that they sell to other criminals, who use them to run widespread phishing campaigns and to bypass security measures by intercepting MFA requests.

The attacks that originate from the ‘do it yourself’ kits represent a significant portion of the tens of millions of phishing attacks Microsoft accounts receive each month. The ONNX operation is one of the top five phish kit providers by email volume in 2024, according to Microsoft’s digital defense reports, so the disruption is significant.

Name and shame

Microsoft has decided to publicly name the individual behind the storefront, Abanoub Nady (known online as “MRxC0DER”), who has been tied to the operation as far back as 2017, and is well established in the PaaS sphere.

ONNX offers a tiered subscription service with basic, professional, and enterprise plans, which are promoted, sold, and configured through Telegram. The operation even provides ‘how to’ videos showing criminals how to implement the phishing kits properly.

Many of the kits used a technique called ‘quishing’, or QR code phishing, which prompts users to scan a code that redirects them to a malicious fake website, where they are asked to enter personal or payment information.

“As we’ve said before, no disruption is complete in one action. Effectively combatting cybercrime requires persistence and ongoing vigilance to disrupt new malicious infrastructure,” said Assistant General Counsel, Microsoft’s Digital Crimes Unit, Steven Masada.

“While today’s legal action will substantially hamper the fraudulent ONNX’s operations, other providers will fill the void, and we expect threat actors will adapt their techniques in response.”
