{"id":6351,"date":"2024-11-21T13:36:05","date_gmt":"2024-11-21T19:36:05","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82714"},"modified":"2024-11-21T13:36:05","modified_gmt":"2024-11-21T19:36:05","slug":"microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/21\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker\/","title":{"rendered":"Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker\"> <meta property=\"og:description\" content=\"The kits, which the company said were a sophisticated approach to bypassing multifactor authentication, pose a particular threat to the financial services sector.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-11-21T19:36:05+00:00\"> <meta property=\"article:modified_time\" content=\"2024-11-21T19:36:08+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1730999764g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82714\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" 
content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82714\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82714 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter 
js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.592409240924\">\n<div class=\"single-article__header-content\" readability=\"36.224299065421\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The kits, which the company said were a sophisticated approach to bypassing multifactor authentication, pose a particular threat to the financial services sector. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82714\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=1013,675 1013w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> An Egyptian fisherman holds a fishing net on the waters of the Pharaonic Sea in the village of Kafr Fisha, province of Monufia, in 2019. (MOHAMED EL-SHAHED\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"27.357368421053\"><body readability=\"57.378589007383\"><\/p>\n<p>Microsoft obtained a court order allowing it to seize 240 websites it says are linked to an Egypt-based seller of do-it-yourself phishing kits used to break into the tech giant\u2019s user accounts, the company said Thursday.<\/p>\n<p>The kit-maker, Abanoub Nady \u2014 known online as MRxC0DER \u2014 sold the services under the brand name ONNX, a trademark owned by the Linux Foundation. 
Linux is a co-plaintiff in the civil court order unsealed in the Eastern District of Virginia, as detailed in <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2024\/11\/21\/targeting-the-cybercrime-supply-chain\/\">a Microsoft blog post<\/a>.<\/p>\n<p>Microsoft said the kits represent a sophisticated threat meant to short-circuit multifactor authentication \u2014 one of the most touted cyber defense precautions \u2014 through an \u201cadversary in the middle\u201d approach.<\/p>\n<p>\u201cAiTM phishing attacks \u2014 where attackers secretly inject themselves in network communications to steal credentials and cookies used to authenticate users\u2019 identity \u2014 have become highly favored, if not the \u2018go-to\u2019 method used by malicious actors to bypass the additional protections of Multifactor Authentication (MFA) defenses,\u201d wrote Steven Masada, assistant general counsel in the Digital Crimes Unit.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The kits pose a particular danger to one sector, Masada said.<\/p>\n<p>\u201cWhile all sectors are at risk, the financial services industry has been heavily targeted given the sensitive data and transactions they handle,\u201d he wrote. \u201cIn these instances, a successful phish can have devastating real-world consequences for the victims. It can result in the loss of significant amounts of money, including life savings, which, once stolen, can be very difficult to recover.\u201d<\/p>\n<p>Microsoft has, <a href=\"https:\/\/cyberscoop.com\/microsoft-china-lawsuit-court-nickel-apt15-ke3chang\/\">for many years<\/a>, sought court orders with the intention of disrupting hacking threats by seizing websites and domains. 
It acknowledges that the court orders don\u2019t put the culprits out of business, but can deal them a setback that costs them time and money to rebuild.<\/p>\n<p>MRxC0DER has <a href=\"https:\/\/cofense.com\/blog\/caffeine-phishing-service-domains-patterns-still-heavily-used-after-store-seemingly-defunct\/\">drawn the attention<\/a> of threat researchers for the past couple of years as well, with a particular emphasis on the targeting of Microsoft 365 users, first through the since-defunct \u201cCaffeine\u201d phishing-as-a-service, but <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/onnx-phishing-service-targets-microsoft-365-accounts-at-financial-firms\/\">more recently<\/a> through the fraudulent ONNX service.<\/p>\n<p>\u201cWe encourage organizations who find themselves in a position to fight one element of a cybercrime problem to identify ways to collaborate and build a stronger collective response,\u201d the Linux Foundation said in a statement.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker-1.jpg?w=640&#038;ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he&#8217;s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. 
<\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" 
class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,2286,1901,2455,532,625,1396,60,2345],"tags":[286,2295,1902,2457,537,630,1397,67,2348],"class_list":["post-6351","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-egypt","category-financial-sector","category-financial-services","category-linux","category-microsoft","category-multi-factor-authentication-mfa","category-phishing","category-u-s-courts","tag-cybercrime","tag-egypt","tag-financial-sector","tag-financial-services","tag-linux","tag-microsoft","tag-multi-factor-authentication-mfa","tag-phishing","tag-u-s-courts"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/egypt\/\" rel=\"category tag\">Egypt<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/financial-sector\/\" rel=\"category tag\">financial sector<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/financial-services\/\" 
rel=\"category tag\">Financial services<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/linux\/\" rel=\"category tag\">Linux<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/multi-factor-authentication-mfa\/\" rel=\"category tag\">multi-factor authentication (MFA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category tag\">phishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/u-s-courts\/\" rel=\"category tag\">U.S. courts<\/a>","tag_info":"U.S. courts","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6351"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6351\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}