Microsoft unravels the mystery of PhaaS attack

    An investigation led Microsoft to a phishing-as-a-service operation known by the name BulletProofLink. Before we get into the details of the phishing scam, let us know what is phishing? 

    Phishing is a kind of cybercrime wherein the criminals pose as someone representing a trustworthy source and then tempting the victim to divulge the passwords, username, and other credentials. Phishing has been there for quite some time now, but the modus operandi has evolved over the years with an effort to make it foolproof. 

    Let us find out how the Microsoft Phishing scam was unraveled during the investigation of phishing attacks by Microsoft

    Phishing-as-a-service operation – Microsoft’s chase

    The corporate tech stalwart said that it spotted the BulletProofLink, which is also known by the name BulletProftLink and Anthrax while investigating the phishing attacks that took place of late. The one acting behind the scene here extends or sells phishing kits, automated, hosting services aside from email templates operating under a single payment subscription or a monthly based one. 

    The Microsoft 365 Defender Threat Team said that they came across this campaign where a huge volume of unique and new subdomains was found, with over 3000,000 in a “single run“.

    How does BulletProofLink operate?

    With more than 100 phishing templates available, they mimic some of the well-known brands and services and their activities have adversely impacted the operations of a considerable number of enterprises today. 

    OSINT Fans brought the activities of the BulletProofLink to everyone’s notice in October 2020 by publishing 3-part series wherein the inner workings of this particular PhaaS operation were revealed. 

    They also revealed that then, BulletProofLink ICQ group chat already had as many as 1,618 members in 2020 and these members all dealt with stolen passwords and Bulletproftlink phishing services. 

    Double theft used for enhancing profits

    Aside from the Phishing attack and what activities Microsoft Phishing email and more has revealed, the threat actor also indulged in so-called double theft so that it could earn more in profits by illegal means. 

    This is the same tactic that the ransomware gang adopts. The double theft here refers to a strategy when credentials are stolen in phishing attacks, and they are sent to another server (the secondary server) that is controlled by the operators running the PhaaS operation where phishing kits provided by them are used a default configuration. 

    In this way, the credentials that are collected by BulletProofLink clients are sent to PhaaS operators if the cybercriminals that are using their services fail to customize the phish kits to their servers. 

    In case of ransomware and phishing attacks, the BulletProofLink operators that provide the resources for facilitating the attacks also ensure that the stolen credentials and data obtained can be used in the maximum ways possible said Microsoft. 

    Understanding how phishing scams work

    Just as any legally operating business outsources some of the operations and services to a third party, even cybercriminals outsource their work. Cybercrime has become a bigger sect these days with expanding malware, phishing campaigns, and ransomware. 

    In any PhaaS business, the attackers hire the services of an operator so that the operator can develop and use a campaign partially or wholly. The package will have items like redistribution and credential parsing, phony sign-in pages, and website-related hoax services. 

    As mentioned above, BulletProofLink has been active since 2018 and has its own About Us page. It uses BulletProofLink, BulletProftLink, and Anthrax interchangeably.


    RELATED ARTICLES

    The Important Aspects of Website Design in NY

    The Important Aspects of Website Design in NY

    Whether you have a website is no longer key in the business landscape. The priority...
    poorvika mobiles pun

    Poorvika Mobiles Pun: Explore the Full Store

    Poorvika Mobiles Pun is a well-known name in the Indian retail business for mobiles and...
    internet safety rules

    Internet Safety Rules: Recognizing the Online Perplexity

    The net has woven itself into the fabric of our everyday lives, becoming a fundamental...
    youtube dark mode

    YouTube Dark Mode: Easy Steps to Enable It Now!

    YouTube dark mode is your ticket to a visually soothing experience. Are you tired of...
    How AI Headshots Can Elevate Your Business Image Instantly

    How AI Headshots Can Elevate Your Business Image Instantly

    We're living in a world where everyone's first impression comes from the digital environment of...
    5 Ways AI Software Can Streamline Your Business Operations

    5 Ways AI Software Can Streamline Your Business Operations

    We live in a fast paced technological world or businesses are under the pressure to...
    How to Make Smart Decisions With Your Home’s Value

    How to Make Smart Decisions With Your Home’s Value

    Your home is more than just where you hang your hat—it’s a big piece of...
    The Important Aspects of Website Design in NY

    The Important Aspects of Website Design in NY

    Whether you have a website is no longer key in the business landscape. The priority...
    ftasiatrading ecommerce tips

    FTAsiaTrading Ecommerce Tips for Smart Buying and Selling

    FTAsiaTrading's e-commerce website is an interesting online platform designed to make transactions smooth for businesses....
    poorvika mobiles pun

    Poorvika Mobiles Pun: Explore the Full Store

    Poorvika Mobiles Pun is a well-known name in the Indian retail business for mobiles and...
    xrp price prediction

    XRP Price Prediction: Unveiling the Future of Ripple 2025 – 2030

    XRP price prediction stirs a whirlwind of speculation, leaving many investors wondering about its potential....