Microsoft targets Egyptian linked to DIY phishing kits

The Egyptian operation offered subscriptions with technical support for cybercriminals. Photo / File

Microsoft announced the seizure of 240 fraudulent websites tied to an Egyptian cybercrime operation that sold do-it-yourself phishing kits used to steal user credentials and bypass security measures.

The tech giant’s Digital Crimes Unit identified Abanoub Nady, known online as “MRxC0DER”, as the alleged operator behind the scheme which fraudulently used the “ONNX” brand name to market and sell phishing tools through online storefronts.

The operation was among the top five providers of phishing kits by email volume in early 2024, contributing significantly to the millions of phishing messages Microsoft detects monthly, the company said.

It obtained a court order from a US federal court in Virginia to redirect the malicious website infrastructure to Microsoft’s control, effectively shutting down the operation.

Microsoft filed the case jointly with the Linux Foundation, which owns the legitimate ONNX trademark as an open-source machine learning platform.

According to Microsoft, the kits enabled sophisticated “adversary-in-the-middle” attacks that can bypass multifactor authentication.

These attacks have surged in recent months, with criminals increasingly using QR codes to direct victims to fake login pages.

While primarily targeting financial services firms, the phishing campaigns affected users across all sectors.

“A successful phish can have devastating real-world consequences for the victims ... including life savings, which, once stolen, can be very difficult to recover,” Microsoft said.

The Egyptian operation had been active since 2017, offering subscriptions with technical support for cybercriminals.

© Agence France-Presse