W3LL Store: Unmasking a Covert Phishing Operation Targeting 8,000+ Microsoft 365 Accounts

 

A hitherto undisclosed “phishing empire” has been identified in a series of cyber attacks targeting Microsoft 365 business email accounts spanning six years. 
According to a report from cybersecurity firm Group-IB, the threat actor established an underground market called W3LL Store, catering to a closed community of around 500 threat actors. This market offered a custom phishing kit called W3LL Panel, specifically designed to bypass Multi-Factor Authentication (MFA), alongside 16 other specialized tools for Business Email Compromise (BEC) attacks.
Between October 2022 and July 2023, the phishing infrastructure is estimated to have aimed at over 56,000 corporate Microsoft 365 accounts,  compromising at least 8,000 of them. The majority of the attacks were concentrated in countries including the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy. The operators of this operation reportedly reaped approximately $500,000 in illegal gains.
Various sectors fell victim to this phishing campaign, notably manufacturing, IT, consulting, financial services, healthcare, and legal services. Group-IB pinpointed almost 850 distinct phishing websites associated with the W3LL Panel during the same timeframe.
The Singapore-based cybersecurity company has characterized W3LL as a comprehensive phishing tool that

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: