{"id":317,"date":"2025-09-19T14:40:37","date_gmt":"2025-09-19T04:40:37","guid":{"rendered":"https:\/\/qld.cybersafebusiness.au\/index.php\/2025\/09\/19\/how-microsoft-took-down-a-major-phishing-operation-and-what-it-means-for-your-business\/"},"modified":"2025-09-19T14:40:37","modified_gmt":"2025-09-19T04:40:37","slug":"how-microsoft-took-down-a-major-phishing-operation-and-what-it-means-for-your-business","status":"publish","type":"post","link":"https:\/\/qld.cybersafebusiness.au\/index.php\/2025\/09\/19\/how-microsoft-took-down-a-major-phishing-operation-and-what-it-means-for-your-business\/","title":{"rendered":"How Microsoft Took Down a Major Phishing Operation\u2014and What It Means for Your Business"},"content":{"rendered":"<p>Did you know that phishing kits are being sold for as little as $150 a month, enabling cybercriminals to launch large-scale attacks against businesses like yours?<\/p>\n<p>Microsoft recently took decisive action against a prominent phishing-as-a-service (PaaS) operation known as ONNX. The company exposed the identity of its alleged operator, Abanoub Nady, and dismantled key parts of his infrastructure. Here\u2019s what happened\u2014and why it matters for your organization.<\/p>\n<h4>What Was ONNX?<\/h4>\n<p>The ONNX phishing service provided cybercriminals with tools to craft and distribute sophisticated phishing campaigns. It even enabled Adversary-in-the-Middle (AitM) attacks, a method where hackers intercept login sessions to bypass multi-factor authentication (MFA)\u2014a reminder that even MFA isn\u2019t foolproof against determined attackers.<\/p>\n<p>With prices starting at $150 per month, ONNX allowed its customers to conduct large-scale credential harvesting, putting countless businesses and users at risk.<\/p>\n<h4>Microsoft\u2019s Disruption Efforts<\/h4>\n<p>After tracking Nady\u2019s activities since 2017, Microsoft, in collaboration with the Linux Foundation, took legal action to disrupt his operations. The company seized 240 malicious domains linked to phishing campaigns associated with ONNX and similar services like Caffeine and FUHRER.<\/p>\n<p>This effort, supported by a court order in the Eastern District of Virginia, redirected ONNX\u2019s technical infrastructure to Microsoft, effectively shutting it down and severing access for its cybercriminal customers.<\/p>\n<h4>Why This Matters to You<\/h4>\n<p>While this action is a win for cybersecurity, it\u2019s not the end of phishing-as-a-service. As Microsoft itself noted, other providers will likely fill the void left by ONNX. This means businesses cannot afford to let their guard down.<\/p>\n<h4>Protecting Your Business from Phishing Attacks<\/h4>\n<ol>\n<li>Educate Your Team: Regularly train employees to spot phishing attempts and follow safe practices online.<\/li>\n<li>Implement Advanced Security Measures: Beyond basic MFA, use tools like behavioral analytics to detect suspicious activity.<\/li>\n<li>Partner with Experts: Cyber threats evolve daily. Partnering with professionals, like Cyber Safe Business, ensures your defenses stay ahead of the curve.<\/li>\n<\/ol>\n<p>Microsoft\u2019s efforts highlight the importance of staying proactive against cybercrime. If one phishing service could operate for years and compromise countless credentials, imagine the damage another could do without proper safeguards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Did you know that phishing kits are being sold for as little as $150 a month, enabling cybercriminals to launch large-scale attacks against businesses like yours? Microsoft recently took decisive [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":316,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-317","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=317"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/317\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/316"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}