Microsoft unravels the mystery of PhaaS attack

    An investigation led Microsoft to a phishing-as-a-service operation known by the name BulletProofLink. Before we get into the details of the phishing scam, let us know what is phishing? 

    Phishing is a kind of cybercrime wherein the criminals pose as someone representing a trustworthy source and then tempting the victim to divulge the passwords, username, and other credentials. Phishing has been there for quite some time now, but the modus operandi has evolved over the years with an effort to make it foolproof. 

    Let us find out how the Microsoft Phishing scam was unraveled during the investigation of phishing attacks by Microsoft

    Phishing-as-a-service operation – Microsoft’s chase

    The corporate tech stalwart said that it spotted the BulletProofLink, which is also known by the name BulletProftLink and Anthrax while investigating the phishing attacks that took place of late. The one acting behind the scene here extends or sells phishing kits, automated, hosting services aside from email templates operating under a single payment subscription or a monthly based one. 

    The Microsoft 365 Defender Threat Team said that they came across this campaign where a huge volume of unique and new subdomains was found, with over 3000,000 in a “single run“.

    How does BulletProofLink operate?

    With more than 100 phishing templates available, they mimic some of the well-known brands and services and their activities have adversely impacted the operations of a considerable number of enterprises today. 

    OSINT Fans brought the activities of the BulletProofLink to everyone’s notice in October 2020 by publishing 3-part series wherein the inner workings of this particular PhaaS operation were revealed. 

    They also revealed that then, BulletProofLink ICQ group chat already had as many as 1,618 members in 2020 and these members all dealt with stolen passwords and Bulletproftlink phishing services. 

    Double theft used for enhancing profits

    Aside from the Phishing attack and what activities Microsoft Phishing email and more has revealed, the threat actor also indulged in so-called double theft so that it could earn more in profits by illegal means. 

    This is the same tactic that the ransomware gang adopts. The double theft here refers to a strategy when credentials are stolen in phishing attacks, and they are sent to another server (the secondary server) that is controlled by the operators running the PhaaS operation where phishing kits provided by them are used a default configuration. 

    In this way, the credentials that are collected by BulletProofLink clients are sent to PhaaS operators if the cybercriminals that are using their services fail to customize the phish kits to their servers. 

    In case of ransomware and phishing attacks, the BulletProofLink operators that provide the resources for facilitating the attacks also ensure that the stolen credentials and data obtained can be used in the maximum ways possible said Microsoft. 

    Understanding how phishing scams work

    Just as any legally operating business outsources some of the operations and services to a third party, even cybercriminals outsource their work. Cybercrime has become a bigger sect these days with expanding malware, phishing campaigns, and ransomware. 

    In any PhaaS business, the attackers hire the services of an operator so that the operator can develop and use a campaign partially or wholly. The package will have items like redistribution and credential parsing, phony sign-in pages, and website-related hoax services. 

    As mentioned above, BulletProofLink has been active since 2018 and has its own About Us page. It uses BulletProofLink, BulletProftLink, and Anthrax interchangeably.


    RELATED ARTICLES

    FTasiatrading technology news by FintechAsia

    FTasiatrading Technology News by FintechAsia: Revolutionizing Asia’s Financial Future

    In the ever-evolving world of finance and technology, the need for correct, up-to-the-moment records is...
    Wheon is now Wheonx

    Wheon Is Now Wheonx: Official Brand Update

    In a world of constant digital change, adaptability is a must. It is important to...
    AI for sales

    AI for Sales: Boost Deals And Unlock Hidden Revenue Today!

    When you think about AI for sales, it can feel like stepping into a sci-fi...
    Qugafaikle5.7.2

    Qugafaikle5.7.2: A Super Easy Explanation

    These days, staying in advance in a hyper-digital international of establishments demands a great deal...
    How to Create AI Videos from Pictures

    How to Create AI Videos from Pictures?

    Even today, digital static imagery is increasingly complex in capturing attention, especially in an attention...
    Best Editing Software

    Best Editing Software: Elevate Your Content Creation Game

    Whether you are a content creator, YouTuber, or person who enjoys editing videos for fun,...
    erp sgt

    ERP SGT: Power up Your Business Game Successfully & Smoothly

    Do you own a small or medium-sized company and wish to run your business more...
    FTasiatrading technology news by FintechAsia

    FTasiatrading Technology News by FintechAsia: Revolutionizing Asia’s Financial Future

    In the ever-evolving world of finance and technology, the need for correct, up-to-the-moment records is...
    cricket 07 wheon.com

    Cricket 07 Wheon.com: Why Gamers Love the Wheon Edition

    EA Sports Cricket 07, a game that has stood the test of time since its...
    Wheonx Health

    Wheonx Health: Redefining Wellness in 2025

    In the age of digital transformation, which is reaching into all industries, health care is...
    Wheon is now Wheonx

    Wheon Is Now Wheonx: Official Brand Update

    In a world of constant digital change, adaptability is a must. It is important to...