Articles Microsoft Announces Large-Scale Operation BulletProofLink Offering Phishing As A...

Microsoft Announces Large-Scale Operation BulletProofLink Offering Phishing As A Service


Microsoft experts said BulletProofLink (aka BulletProftLink or Anthrax), a Phishing-as-a-Service (PHaaS), is responsible for many of the recent phishing campaigns targeting companies and organizations.

It should be noted that BulletProofLink was first discovered back in October 2020 by OSINT Fans researchers, who published a series of articles ( 1 , 2 , 3 ) describing some of the mechanisms of the PHaaS platform.

Researchers now report that the attackers behind BulletProofLink provide cybercriminals with a variety of subscription services, from selling phishing kits (collections of phishing pages and templates that mimic the login forms of well-known companies) and email templates, to hosting and automated services.

Basically, customers simply sign up to BulletProofLink for a $ 800 fee and BulletProofLink operators do the rest for them. The services of the service include: setting up a web page to host a phishing site, installing the phishing template itself, configuring a domain (URL) for phishing sites, sending phishing emails to victims, collecting credentials obtained during these attacks, and then delivering the stolen logins and passwords for “solvent clients” at the end of the week.

Should a customer want to change their phishing templates, BulletProofLink operators have a separate store where attackers can buy new attack templates for between $ 80 and $ 100 each. There are currently about 120 different templates available on the BulletProofLink Store, and there are tutorials on the site to help customers use the service.

Microsoft researchers also report that BulletProofLink operators are not clean on hand and steal from their customers: the service saves copies of all collected credentials, which are then sold on the darknet, bringing them additional profit.

Microsoft describes BulletProofLink as a technically complex operation, and notes that service operators often use hacked sites to host their phishing pages. Also, in some cases BulletProofLink compromises the DNS records of compromised sites in order to create subdomains for hosting phishing pages.

“When we investigated phishing attacks, we found a campaign that used a large number of newly created and unique subdomains – more than 300,000 at a time,” say experts, describing the scale of BulletProofLink’s work.

Microsoft calls this tactic “endless abuse of subdomains.” It allows attackers to create unique URLs for each phishing victim using only one domain, bought or compromised specifically to carry out the attacks. Even worse, unique URLs pose a problem in preventing and detecting such attacks, since security solutions are usually focused on exact matching of domains and URLs.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you