Hidden Phishing Empire Unveiled! ????

Sep 07 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that gives cyber criminals all the time, patience, and respect that Joe Jonas and Sophie gave their marriage ????. They split up. Presumably it’s of consequence because it’s trending on Twitter ????

Today’s hottest cybersecurity news stories:

  • ???? Introducing the W3LL store, your one-stop shop for all things phishing ????

  • ⚡ SEL's power management products now feature 9 glaring vulnerabilities ????

  • ???? GhostSec hacktivists leak source code of alleged Iranian surveillance tool ????????

W3LL that escalated quickly ????

???? Hidden Phishing Empire Unveiled! ????

A clandestine "phishing empire" has emerged, orchestrating cyberattacks on Microsoft 365 business email accounts for the past six years. Dubbed the "W3LL Store," this underground market caters to a community of over 500 cyber threat actors. ????

The heart of the operation is the "W3LL Panel," a custom phishing kit designed to bypass Multi-Factor Authentication (MFA) along with 16 other specialised tools for Business Email Compromise (BEC) attacks. ????

???? Targets

More than 56,000 corporate Microsoft 365 accounts were in the crosshairs, with 8,000 already compromised. The attacks hit the US, UK, Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy, netting $500,000 in ill-gotten gains. ????????

???? Sectors

Industries infiltrated include manufacturing, IT, consulting, financial services, healthcare, and legal services. The W3LL Panel operated close to 850 unique phishing websites during the same timeframe. ????????

???? W3LL's Arsenal

It's an all-in-one phishing instrument offering custom tools, mailing lists, and access to compromised servers, reflecting the trend of Phishing-as-a-Service (PhaaS) platforms. The kit's core component is an adversary-in-the-middle (AiTM) phishing tool, capable of bypassing MFA. ????????

???? Anti-Bot Measures

The panel boasts anti-bot functionality to outsmart automated web scanners, ensuring longer-lasting phishing campaigns.

???? The Process

The attacker uses tools like LOMPAT to validate email addresses and then sends phishing messages. Victims who click are funnelled through an anti-bot script to a phishing landing page. Credentials are harvested, granting access to the Microsoft 365 account.

???? Innovation

The W3LL Store is a game-changer, offering an entire BEC killchain toolkit for cybercriminals of all technical levels. The rising demand for phishing tools fuels competition among developers, driving innovation.

???? Microsoft Alert

This revelation follows Microsoft's warning about AiTM techniques employed through PhaaS platforms. These techniques allow access to privileged systems without re-authentication.

Stay vigilant, stay safe! ????????

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

C’mon guys, you’re SELling yourselves short with this ????

team usa countdown GIF by U.S. Figure Skating

Gif by usfigureskating on Giphy

???? Nine Flaws Uncovered in Electric Power Management Products! ????

Schweitzer Engineering Laboratories (SEL) has been hit with a series of security flaws, with the most serious allowing remote code execution (RCE) on an engineering workstation, according to Nozomi Networks. ????

???? The Issues

These vulnerabilities, tracked as CVE-2023-34392 and CVE-2023-31168 through CVE-2023-31175, impact SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator, crucial for device configuration and monitoring.

⚠️ Risk Levels

The flaws range in severity from 4.8 to 8.8 (CVSS scores). CVE-2023-31171 can be exploited via a phishing email to execute code on the workstation, potentially leading to administrative access when chained with CVE-2023-31175. CVE-2023-34392 could enable attackers to send hidden commands through a watering hole attack.

???? Previous Vulnerabilities

This follows 19 earlier SEL Real Time Automation Controller (RTAC) suite vulnerabilities, allowing unauthorised access, manipulation, and code execution.

???? National Initiative

Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with MITRE to enhance cyber attack emulation tools, focusing on operational technology (OT) networks.

Stay vigilant in the face of evolving cyber threats! ????????

????️ Extra, Extra! Read all about it! ????️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ✈️ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

  • ???? Leadership in Tech: A weekly newsletter for CTOs, engineering managers and senior engineers to become better leaders.

  • ???? Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

Iranian govt: Hang on a GhostSec, that’s our code ????

tory kittles computer GIF by Colony USA

Gif by colonyusa on Giphy

???? Hacker Group Exposes Iranian Surveillance Software! ????

GhostSec, a hacktivist group, is unveiling the source code of alleged surveillance software used by Iran. The code comes from the Iranian FANAP group, which initially provided tech to financial and IT services but expanded into a comprehensive surveillance system for the Iranian government, similar to Pegasus spyware.

???? What's Been Disclosed?

GhostSec has released portions of the code, including facial recognition and privacy-invading features like video surveillance and car tracking systems. Notably, they claim this software was deployed across Iran's Pasargad Bank.

???? Why Did GhostSec Do It?

GhostSec, known for its human rights advocacy, aims to protect privacy and expose surveillance. They accessed the source code via FANAP infrastructure, then compromised a server to reveal the code.

????️ FANAP's Response:

FANAP denied the leak, stating it only recognizes faces with consent. GhostSec contends they found extensive components, exposing the software's true capabilities.

This disclosure raises concerns about surveillance and privacy. Stay tuned for updates on this developing story. ????????️‍♂️

So long and thanks for reading all the phish!

Recent articles