Microsoft’s Digital Crimes Unit (DCU) has seized 240 fraudulent websites linked to an infamous cybercrime figure that deceptively used the brand name “ONNX” to market services.
Abanoub Nady, known by his alias, “MRxC0DER”, has been pivotal in developing and selling “do it yourself” phishing kits. These kits were subsequently purchased by various cybercriminals, who launched extensive phishing campaigns designed to breach Microsoft customer accounts.
Although all sectors face risks, the financial services industry has been especially targeted due to its handling of sensitive data and transactions. Such breaches can have devastating real-world impacts, often resulting in the loss of substantial sums of money, potentially wiping out life savings.
Phishing attempts from these kits contribute significantly to the tens of millions of phishing messages detected by Microsoft each month. This year’s Digital Defense Report identified the fraudulent ONNX cybercrime operation as one of the top five phishing kit providers by email volume for the first half of 2024.
Similar to legitimate e-commerce businesses, Abanoub Nady and his associates promoted their illicit tools through branded storefronts like the “ONNX Store”. By targeting this operation, Microsoft disrupts the wider cybercriminal supply chain—thereby protecting customers from resultant threats including financial fraud, data theft, and ransomware.
The fraudulent ONNX operation showcases the evolving sophistication of online threats.
“Adversary-in-the-middle” (AiTM) phishing techniques, where attackers intercept network communications to steal credentials and cookies, have become a preferred method used by cybercriminals to bypass multi-factor authentication (MFA) defences. Microsoft reports a 146% increase in these AiTM attacks, reflecting their rising prevalence.
In a recent alert from FINRA (Financial Industry Regulatory Authority) there was a stark warning about the surge in AiTM attacks against members, a spike attributed to the fraudulent ONNX operation. These attacks included novel techniques such as QR code phishing, or “quishing”, which uses embedded codes to direct users to malicious domains.
Beginning in September 2023, Microsoft observed a considerable rise in phishing attempts leveraging QR codes, which now account for nearly a quarter of all email-based phishing attempts. These methods present unique challenges for cybersecurity providers, as they often appear as harmless, unrecognisable images.
By seizing these websites, Microsoft’s strategy aims to disrupt the tools that cybercriminals depend on, thereby severing their operational infrastructure. The objective is to protect consumers and deter cybercriminal activity by significantly raising the barriers to entry.
Microsoft’s collaboration with co-plaintiff LF Projects, LLC – the trademark owner of ONNX – further strengthens this initiative. Unlike the cybercrime operation, the legitimate ONNX (Open Neural Network Exchange) is an open standard format for representing machine learning models, enabling smoother interoperability across different hardware and software platforms.
Microsoft says it publicly identified Nady not only to hold him accountable, but also to deter others from engaging in similar malicious activities.
Evidence gathered by Microsoft traces Nady’s activities as far back as 2017. Utilising various brand names, including “Caffeine” and more recently the “FUHRER” operation, Nady’s “phishing-as-a-service” model operated much like a legitimate subscription service. His offering included progressive tiers of support – Basic, Professional, and Enterprise – with an “Unlimited VIP Support” option providing detailed guidance for executing phishing campaigns.
These operations maintained visibility and ease of access largely through channels like Telegram, where kits were sold and manipulated with the aid of instructional content distributed via social media.
The civil court order – unsealed in the Eastern District of Virginia – redirects the fraudulent technical infrastructure to Microsoft servers, severing access to these sites. This step ensures these domains cannot be used in future phishing attacks.
Microsoft recognises that the battle against cybercrime is ongoing and requires continuous vigilance. Although this legal action significantly hinders the fraudulent ONNX’s operations, the industry anticipates that new providers will emerge and that threat actors will adapt their tactics in response.
As cybercriminals advance their methods, it remains imperative for both organisations and individuals to stay informed of emerging threats. For its part, Microsoft says it remains committed to refining its technical and legal strategies – working together with global partners across public and private sectors – to hinder and dissuade cybercrime.