A new Microsoft 365 phishing service has emerged, so be on your guard

Researchers said that Rockstar2FA went quiet in November 2024
But a new PaaS emerged soon afterwards, with partly overlapping infrastructure
The new PaaS is called FlowerStorm, and it targets Microsoft365 accounts

Cybersecurity researchers from Sophos have warned a new Phishing-as-a-Service (PaaS) tool has emerged, allowing threat actors to easily hunt for people’s Microsoft 365 credentials.

This tool is called FlowerStorm, and it might have emerged from the (defunct) Rockstar2FA, the company revealed, noting how in November, detections for Rockstar2FA have “suddenly gone quiet”.

The organization’s infrastructure was taken offline, at least partly, for reasons yet unknown – but the researchers don’t think this was the work of law enforcement, though.

Long live FlowerStorm?

Rockstar2FA was a PaaS platform designed to bypass two-factor authentication (2FA), primarily targeting Microsoft 365 accounts. It worked by intercepting login processes to steal session cookies, allowing attackers to access accounts without needing credentials or verification codes. Through a simple interface and Telegram integration, threat actors that purchased a license could manage their campaigns in real time.

The new platform, which emerged in the weeks after Rockstar2FA went quiet, was dubbed FlowerStorm by the researchers. Apparently, much of its tools and features overlap with that of Rockstar2FA, which is why Sophos speculates that it could be its (spiritual) successor.

The vast majority of the targets chosen by FlowerStorm users (84%) are located in the United States, Canada, United Kingdom, Australia, and Italy, Sophos added.

Companies in the States were most frequently targeted (60%), followed by Canada (8.96%). Overall, almost all (94%) of FlowerStorm targets were either in North America or Europe, with the rest falling on Singapore, India, Israel, New Zealand, and the United Arab Emirates.

The majority of the victims are in the service industry, namely firms providing engineering, construction, real estate, and legal services and consulting.

Defending against FlowerStorm is the same as against any other phishing attack – using common sense and being careful with incoming emails.

https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1200-80.jpeg

Source link

Quordle hints and answers for Thursday, April 2 (game #1529)

NYT Connections hints and answers for Thursday, April 2 (game #1026)

NYT Strands hints and answers for Thursday, April 2 (game #760)

The Super Mario Galaxy Movie receives a worse rating than its predecessor, as critics call it ‘a bland screensaver that’s worse than AI’

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

$20M and Nothing to Prove

Batman Officially Names DC’s 3 Most Evil Villains

New Sci-Fi Masterpiece Quickly Defeats Dwayne Johnson’s Franchise-Ending Superhero Bomb

Save 50% Off the Matte Black Dark Plates 2.0 Cover Replacement for PlayStation 5 Slim

AI ‘slop’ is flooding YouTube Kids—and more than 200 groups and experts are calling for a ban

Form DEF 14A RAYONIER INC. For: 1 April

The SpaceX IPO is great — but it won’t deliver 100x returns

Wheaton Precious Metals acquires gold, silver stream on Jervois

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

A new Microsoft 365 phishing service has emerged, so be on your guard

$20M and Nothing to Prove

AI ‘slop’ is flooding YouTube Kids—and more than 200 groups and experts are calling for a ban

Batman Officially Names DC’s 3 Most Evil Villains

Form DEF 14A RAYONIER INC. For: 1 April