Thousands Of Microsoft 365 Accounts Under Threat From W3LL Phishing Kit

[ad_1]

Hundreds of threat actor groups are using a highly advanced phishing kit to target corporate Microsoft 365 accounts, with relative success, according to a new report from cybersecurity experts Group-IB.

The phishing kit is called W3LL, and it’s been in development since at least 2017. In that time, the kit grew and improved, and with it – its popularity rose, with more than 500 groups currently using it.

Those groups have managed to create roughly 850 phishing campaigns, which sought to steal Microsoft 365 credentials from more than 56,000 accounts. Apparently, they succeeded in some 8,000 instances. The result is, the researchers say, “millions of dollars” in financial losses, and possibly millions of files stolen from endpoints.

W3LL phishing attacks

Table of Contents

One of W3LL’s key selling propositions is the ability to bypass multi-factor authentication, the experts said. Also, as it covers almost the entire kill chain in a Business Email Compromise (BEC) operation, it can be used by crooks “of all technical skill levels”. Finally, W3LL has its own app store, where cybercriminals can purchase different tools, modules, and such.

Some of the key tools, as per the report, include SMTP senders PunnySender and W3LL Sender, a malicious link stager called W3LL Redirect, a vulnerability scanner called OKELO, an automated account discovery utility CONTOOL, and an email validator called LOMPAT.

“W3LL’s major weapon, W3LL Panel, may be considered one of the most advanced phishing kits in class, featuring adversary-in-the-middle functionality, API, source code protection, and other unique capabilities,” Group-IB explained.

Phishing is one of the most popular, and basic, attack verticals. It’s cheap to set up and can easily be automated. With email’s wide reach, the potential of phishing attacks is unparalleled. Even today, most cyberattacks start with an email message that either carries a malicious attachment, or a link.

Via: BleepingComputer

More security news from TechRadar Pro

[ad_2]
#Thousands #Microsoft #accounts #threat #W3LL #phishing #kit

Thousands of Microsoft 365 accounts under threat from W3LL phishing kit

Like this:

Related

Leave a ReplyCancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

Amid Russia Oil Row, India Says Its Energy Sector Is Rising Through Global Uncertainty

Bengaluru Needs Rs 1.5 Lakh Crore For Infrastructure, DK Shivakumar Urges PM Modi

Uttarkashi Floods: Bailey Bridge In Gangnani To Restore Link; 800 Rescued So Far

Himachal Pradesh: 359 Roads, 132 Power Lines, 520 Water Schemes Hit Due To Monsoon

Karnataka Chief Poll Officer Seeks Proof From Rahul Gandhi Over Double-Voting Claim, Says `Provide Relevant Documents `

As PM Modi Inaugurates Namma Metro, Karnataka Govt Highlights Contribution Hinting At Credit War

Bengaluru’s Namma Metro Yellow Line Operations Starts: Route, Stations, Distance, Cost, Other Details

UP Shocker: Love, Loan And Murder? Woman Calls Lover, Kills Him With Husband

ED Seeks 7-year Imprisonment For Robert Vadra In Gurugram Land Deal Case

Chennai To Host 3-Day Patriotic Film Festival Ahead Of Independence Day Celebrations

Welcome

Categorys

Site Links