
Over 56,000 Microsoft 365 Accounts Targeted by Sophisticated Phishing Kit

The W3LL Panel phishing kit threatens Microsoft 365 accounts. Multifactor authentication is not foolproof against this sophisticated attack.


Over 56,000 corporate Microsoft 365 accounts worldwide have been targeted by a sophisticated phishing campaign since October 2021. The U.S. was the most affected, with manufacturing, IT, and financial services among the hardest-hit sectors. The phishing kit, W3LL Panel, can bypass multifactor authentication and has compromised at least 8,000 accounts in the last 10 months.

The W3LL Panel phishing kit, sold on the dark web marketplace W3LL, targets Microsoft 365 business accounts. It can bypass multifactor authentication, demonstrating that even this security measure is not foolproof against credential theft. The kit has a 14% success rate per attack, enabling high-volume phishing campaigns that attempt to circumvent MFA protections at scale.

The kit's advanced features include adversary-in-the-middle functionality and API integration. It is mainly linked to cybercriminals using automated phishing-as-a-service platforms that clone branded login pages and distribute links. Its development draws on tools from public offensive repositories and tailored malware techniques to evade detection and operate stealthily within target systems. Despite this sophistication, the individual or group behind W3LL Panel has not been publicly disclosed.

Over 56,000 corporate Microsoft 365 accounts have been targeted by a sophisticated phishing campaign. The W3LL Panel phishing kit, with its advanced features and high success rate, poses a significant threat to businesses. While multifactor authentication remains a crucial security measure, it is not a foolproof solution against account takeovers. Businesses must remain vigilant and consider additional security measures to protect their accounts.
