Microsoft seizes websites distributing phishing email kits

Microsoft has recently issued a significant warning regarding the activities of a cyber-crime group named ONNX Marketing Services, which has been identified as distributing highly sophisticated phishing email kits. These kits have the potential to compromise Microsoft Customer Accounts across a wide range of online services, significantly threatening the security of personal and corporate data.

The company revealed that the ONNX criminal organization, which takes its name from the Open Neural Network Exchange (ONNX), has specifically been targeting financial institutions. According to Microsoft’s latest findings, this group has managed to compromise the security of 63 networks, primarily related to banking and financial sectors. The criminal group has used 240 fraudulent websites, designed to appear legitimate, to deceive and steal from unsuspecting victims. These websites are part of a broader campaign that aims to illegally generate revenue, mainly by tricking individuals into revealing sensitive information such as login credentials and financial details.

In a detailed Digital Defense Report, Microsoft’s Digital Crimes Unit (DCU) emphasized that the ONNX gang has been particularly active in distributing phishing emails throughout 2024. These emails have not only been used to distribute ransomware, but also to steal data and commit various forms of financial fraud. Ransomware, which locks users out of their own data until a ransom is paid, remains a significant tool for the group in its attacks, posing major risks to individuals and businesses alike.

The report further revealed that ONNX has been employing increasingly sophisticated tactics, including the use of Adversary-in-the-Middle Phishing Techniques (AiPT). This form of phishing is particularly dangerous, as it involves intercepting communications between the victim and the service they are interacting with, allowing attackers to manipulate or steal sensitive information. QR Code phishing, also known as Quishing, is another method ONNX has utilized, especially targeting the financial sector. This technique tricks users into scanning fraudulent QR codes that lead them to fake websites, where they are asked to provide personal information.

In addition to the ONNX cybercrime activities, Microsoft’s technical team provided further insights during the CYBERWARCON conference held in Washington, D.C. The company confirmed that the Democratic People’s Republic of Korea (DPRK) has developed a highly effective computer network capable of exploiting and stealing cryptocurrencies. This network targets cryptocurrency exchanges, groups, and individual crypto holders, seeking to illegally acquire digital currencies. Microsoft warned that these actions are part of broader efforts by North Korea to bypass international sanctions, using stolen cryptocurrencies to supplement its national income, as well as engaging in ransomware attacks to further its agenda.

Moreover, there are growing concerns that Russia may soon engage in cyber warfare against the United Kingdom, with some analysts suggesting that this could escalate into a much broader conflict, potentially even leading to World War III. The evolving situation has raised alarms about the increasing sophistication of cyberattacks, as nations around the world are not only defending against these threats but are also capable of launching highly advanced attacks. With the advent of Generative AI and other cutting-edge technologies, cyber warfare has become an increasingly potent tool for nations to both disrupt their adversaries and advance their own interests on the global stage.

As the cyber threat landscape continues to evolve, organizations and governments worldwide must bolster their defenses against increasingly complex and persistent attacks. Microsoft’s ongoing efforts to track and counteract these threats serve as a critical component of the global cybersecurity infrastructure, and the company’s insights into these emerging risks highlight the need for constant vigilance and proactive measures to safeguard against these evolving digital threats.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
