Microsoft Shuts Down ONNX Phishing Service and Identifies Operator


On Thursday, Microsoft announced the disruption of the ONNX phishing service and publicly identified an Egyptian individual, Abanoub Nady, also known as MRxC0DER, as its alleged operator.

According to Microsoft, Nady has been involved in creating and selling phishing kits under the ONNX brand. This is not the first time his identity has been exposed—Dark Atlas, a dark web monitoring platform, unmasked him in July 2024. However, Microsoft’s decision to publicly name Nady is aimed at deterring other cybercriminals.

Microsoft has been monitoring cybercrime activities linked to Nady since 2017. The company alleges he has been involved in developing and marketing multiple phishing services, including ONNX, Caffeine, and most recently, FUHRER. These services, offered under a phishing-as-a-service (PhaaS) model, allow cybercriminals to execute large-scale phishing campaigns for as little as $150 per month. These campaigns are designed to harvest sensitive user credentials.

ONNX also supported adversary-in-the-middle (AitM) phishing. In an AitM attack the phishing page acts as a reverse proxy to the real sign-in service: the victim's password and one-time code are relayed to the legitimate site in real time, and the session cookie the service then issues is captured by the attacker, so MFA based on SMS or authenticator-app codes and push approvals is bypassed. Phishing-resistant methods such as FIDO2/WebAuthn security keys and passkeys are not defeated this way, because the credential is cryptographically bound to the legitimate site's origin.
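The following is an added illustration, not code from the article or from Microsoft, of why an AitM proxy defeats one-time-code MFA but not a WebAuthn/FIDO2 credential. The relying party, the victim's browser and authenticator, and the proxy are all simulated in one process; the origins `login.example.com` and `login-example.com`, the user password and the keys are constructed for the demo, and a keyed HMAC stands in for the authenticator's asymmetric signature so the script needs only the standard library.

```python
"""Added example (not from the article or from Microsoft): an AitM proxy relaying
a login. OTP MFA is bypassed; a WebAuthn assertion is rejected because the browser
binds the signed client data to the origin the user actually visited.
"""
import hashlib
import hmac
import json
import secrets

RP_ID = "login.example.com"                 # constructed: the legitimate identity provider
LEGIT_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login-example.com"  # constructed: look-alike domain run by the proxy

# --- relying-party state (all constructed for the demo) ---------------------
USER_PASSWORD = "correct horse battery staple"
OTP_SECRET = secrets.token_bytes(20)
CRED_SECRET = secrets.token_bytes(32)       # HMAC key standing in for the registered public key


def current_otp() -> str:
    """Single-window OTP, enough for the demo: the proxy relays it inside the window."""
    return hmac.new(OTP_SECRET, b"window-1", hashlib.sha256).hexdigest()[:6]


def rp_otp_login(password: str, otp: str) -> bool:
    """Code-based MFA: nothing in the proof says where the user typed it."""
    return password == USER_PASSWORD and hmac.compare_digest(otp, current_otp())


def authenticator_sign(challenge: bytes, origin: str) -> dict:
    """Browser + authenticator. The browser, not the web page, fills in `origin`:
    it is the origin the user is really interacting with."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge.hex(),
                              "origin": origin}, sort_keys=True).encode()
    # authenticatorData = rpIdHash(32) || flags(1, UP set) || signCount(4)
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + b"\x00\x00\x00\x00"
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CRED_SECRET, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_webauthn_verify(challenge: bytes, assertion: dict) -> bool:
    """Relying-party checks in the order the WebAuthn spec lists them (simplified)."""
    client = json.loads(assertion["clientDataJSON"])
    if client.get("type") != "webauthn.get" or client.get("challenge") != challenge.hex():
        return False
    if client.get("origin") != LEGIT_ORIGIN:            # the check a proxy cannot satisfy
        return False
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CRED_SECRET, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


def aitm_against_otp() -> bool:
    """Proxy forwards password and OTP verbatim; the RP cannot tell it is not the user."""
    captured = (USER_PASSWORD, current_otp())           # typed into the look-alike page
    return rp_otp_login(*captured)                      # True: session issued to the proxy


def aitm_against_webauthn(tamper: bool) -> bool:
    """Proxy forwards the RP's challenge to the victim and relays the assertion back."""
    challenge = secrets.token_bytes(32)                 # issued by the RP to the proxy
    assertion = authenticator_sign(challenge, PHISH_ORIGIN)  # browser records the phishing origin
    if tamper:
        # Proxy rewrites the origin; the signature no longer covers the new clientDataJSON hash.
        client = json.loads(assertion["clientDataJSON"])
        client["origin"] = LEGIT_ORIGIN
        assertion["clientDataJSON"] = json.dumps(client, sort_keys=True).encode()
    return rp_webauthn_verify(challenge, assertion)


def legitimate_webauthn() -> bool:
    challenge = secrets.token_bytes(32)
    return rp_webauthn_verify(challenge, authenticator_sign(challenge, LEGIT_ORIGIN))


if __name__ == "__main__":
    print("AitM vs OTP login:               ", aitm_against_otp())           # True
    print("AitM vs WebAuthn, relayed as-is: ", aitm_against_webauthn(False))  # False
    print("AitM vs WebAuthn, origin patched:", aitm_against_webauthn(True))   # False
    print("Legitimate WebAuthn login:       ", legitimate_webauthn())         # True
```

The OTP path succeeds because the proof the user produces is just a string the proxy can forward. The WebAuthn path fails either on the origin check or, if the proxy edits the origin, on the signature over the client data hash; a real authenticator also scopes the credential to the RP ID, so a key registered for `login.example.com` would not even be offered on the look-alike domain.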

Microsoft, with support from the Linux Foundation, has seized 240 domains linked to Nady’s phishing operations. The Linux Foundation, which owns the ONNX name and logo for its Open Neural Network Exchange, joined Microsoft in a lawsuit targeting these operations.

The takedown was made possible through a civil court order issued in the Eastern District of Virginia. Microsoft stated, “This action redirects the malicious technical infrastructure to Microsoft, cutting off threat actors, including the fraudulent ONNX operation and its customers, and permanently halting the use of these domains for phishing attacks.”

“Although this legal action will significantly disrupt the fraudulent ONNX operation, other providers may step in to fill the gap, and threat actors are likely to evolve their tactics in response.

“Nevertheless, this action delivers a clear message to those who exploit our services to harm users: we will actively seek solutions to safeguard our platforms and customers. We are continually enhancing our technical and legal approaches to achieve a more substantial impact,” the statement concluded.
