
ONNX Store: The Rise and Fall of a Phishing-as-a-Service Platform Targeting Financial Institutions.pdf

Uploaded by: 可*** ID: 991876 2025-12-07 30 pages 5.14 MB

Sr. Cyber Threat Intelligence Analyst, EclecticIQ
Arda Büyükkaya

ONNX Store: The Rise and Fall of a Phishing-as-a-Service Platform Targeting Financial Institutions

Agenda
- Understanding Phishing-as-a-Service (PhaaS)
- Inside the ONNX Store Phishing Operations
- Unmasking the ONNX Store Admin
- Importance of True Attribution in CTI
- Prevention Methods & Key Takeaways

About me: Arda Büyükkaya
- Senior Cyber Threat Intelligence Analyst at EclecticIQ
- 4+ years of experience delivering actionable intelligence
- Background in Malware Analysis and Incident Response
- Uncovering nation-state APT operations and tracking financially motivated threat actors
- WhichbufferArda / ardabuyukkaya

Understanding Phishing-as-a-Service (PhaaS)

Inside the ONNX Store phishing operations
- Active PhaaS since 2020 as Caffeine Store brand
- Managed by MRxC0DER persona
- Microsoft identified 16.8+ million phishing emails tied to the ONNX Store [1]

Rebranding from Caffeine to ONNX Store
- Oct 10, 2022: Mandiant exposed the Caffeine Store. Research from Mandiant likely attracted attention among cybercriminals.
- Nov 27, 2023: Poor reviews and support issues led to its rebranding as ONNX Store.
- Strong branding and marketing:
  - users can publish their successful operations and get 3 days free access
  - stolen icon from Open Neural Network Exchange (They get sued for that one!)
- 24/7 customer support over Telegram channel
- Payment over cryptocurrency

QR code phishing (Quishing) for delivery
- Evading the Secure Email Gateway
- QR code embedded inside the PDF attachment
- QR code scan through smartphone leads to phishing page
- Companies don't have enough visibility into smartphone users

Targeting Microsoft 365 for Business email compromise

Adversary-in-the-Middle (AiTM) Phishing Attack

Unmasking the ONNX Store admin
- Expired API errors in Caffeine and ONNX Store are nearly identical
- Both p

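Based on the document, the key points of the full text are summarized as follows:

1. **Phishing-as-a-Service (PhaaS) platform analysis**: ONNX Store was formerly Caffeine Store. It has been active since 2020 and is managed by MRxC0DER; Microsoft linked more than 16.8 million phishing emails to it.
2. **ONNX Store operating characteristics**: It offers free trials and 24/7 customer support, accepts cryptocurrency payments, delivers phishing through QR codes, and targets Microsoft 365 for business email compromise.
3. **Unmasking the ONNX Store admin**: MRxC0DER's real identity was established through error messages, forum advertisements, social media, email, and other leads.
4. **Importance of true attribution**: Microsoft and LF Projects filed a lawsuit against MRxC0DER and their team, alleging that they abused Microsoft servers to run 240 phishing sites.
5. **Prevention methods**: Implement risk-based access policies, invest in advanced anti-phishing solutions, and adopt FIDO2 keys for passwordless authentication.
6. **Key takeaways**: The prevalence of cloud-based identity attacks, the importance of actionable intelligence, and the role of true attribution in disrupting cybercrime operations.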