Microsoft’s Digital Crimes Unit has conducted a successful takedown of almost 250 malicious websites used in the cyber criminal ONNX phishing-as-a-service operation.
Microsoft’s Digital Crimes Unit (DCU) has scored a major win against the cyber criminal underworld after leading an operation to seize 240 fraudulent websites used by an Egyptian national – named today as Abanoub Nady – who sold do-it-yourself phishing kits under the brand name ONNX to less adept crooks.
Nady, who used the handle MRxD0DER, both developed and sold the phishing-as-a-service kits, which were used in multiple campaigns against Microsoft customers in various sectors, although it is understood that the financial services industry was the most heavily targeted.
The DCU believes that emails originating from the ONNX ‘family of products’ made up a significant portion of the tens to hundreds of millions of phishes caught in Microsoft’s nets every month – it was likely among the top five such ops globally.
Redmond said that in targeting ONNX, it was disrupting the illicit cyber criminal supply chain and protecting customers from downstream threats such as fraud, data theft, and ransomware.
“This action builds on the DCU’s strategy of disrupting the broader cyber criminal ecosystem and targeting the tools cyber criminals use to launch their attacks,” Microsoft DCU assistant general counsel Stephen Masada explained.
“Our goal in all cases is to protect customers by severing bad actors from the infrastructure required to operate and to deter future cyber criminal behaviour by significantly raising the barriers of entry and the cost of doing business.
“We are joined by co-plaintiff LF (Linux Foundation) Projects, LLC, the trademark owner of the actual registered ONNX name and logo.