Friday, November 22, 2024

Microsoft Takes Action Against Egyptian-Based Phishing Operation

Microsoft’s Digital Crimes Unit just scored a big win against cybercrime. They led an operation that shut down 240 bogus websites linked to an Egyptian man named Abanoub Nady, who sold DIY phishing kits branded as ONNX. Nady, also known by the online handle MRxD0DER, created and marketed these phishing-as-a-service kits to less experienced criminals.

These kits were a major threat, particularly targeting the financial services sector. Microsoft identified that emails from the ONNX products contributed to a huge volume of phishing attempts—potentially among the top five operations worldwide. By taking aim at ONNX, Microsoft is disrupting the cybercrime supply chain and working to shield users from fraud, data theft, and ransomware attacks.

Stephen Masada, assistant general counsel at the Digital Crimes Unit (DCU), said, “We’re focused on breaking the tools criminals use to launch their attacks to protect customers.” He noted that their aim is to disconnect bad actors from the essential resources they need to operate, raising the barriers and costs for would-be offenders.

Microsoft partnered with LF Projects, the trademark owner of the legitimate ONNX name. They’re taking decisive steps to protect users from criminals misusing their branding. “We’re not just standing by while these malicious actors exploit our names,” Masada added.

Nady was named in this case to help deter others from pursuing similar paths. The Linux Foundation applauded the collaboration, emphasizing that teamwork is vital in combating complex cyber challenges.

Recently there has been a spike in sophisticated phishing attacks, particularly those using malicious QR codes, a technique known as quishing. Microsoft’s action against ONNX is not a snap decision; it is the result of a thorough investigation dating back to 2017 that tracked Nady’s various schemes, including earlier kits such as Caffeine and FUHRER.

Nady’s kits were designed for high-volume email attacks and were sold through a subscription model with several service levels, including a VIP tier with round-the-clock tech support. Promotion and sales took place largely on Telegram, where customers received step-by-step guidance on executing attacks.

Thanks to a civil court order in the Eastern District of Virginia, Microsoft has taken control of Nady’s technical infrastructure, which means it can no longer be used for future attacks.

While this action will significantly disrupt ONNX’s operations, Masada cautions that new criminals will likely fill the gap with their own methods. “We want to send a clear message: we will actively pursue solutions to protect our users,” he said. He also stressed the importance of staying informed and vigilant against evolving cybersecurity threats, underlining the need for continued collaboration to tackle the cyber threat landscape effectively.