Malware

Novel FlowerStorm PhaaS gains traction after Rockstar2FA disruption

Malicious activity involving the new FlowerStorm phishing-as-a-service platform aimed at Microsoft 365 credentials has escalated following a technical issue that prompted the "partial" infrastructure collapse of the Rockstar2FA PhaaS platform last month, according to BleepingComputer.

Most FlowerStorm attacks have targeted the U.S., followed by Canada, the UK, Australia, and Italy, while services, manufacturing, retail, and financial services were the sectors most impacted by the intrusions, a report from Sophos revealed. Additional findings showed that both FlowerStorm and Rockstar2FA used phishing portals spoofing legitimate login pages, and that the two platforms have significantly similar HTML structures, credential harvesting approaches, and domain registration and hosting activity.

"We cannot with high confidence link Rockstar2FA and FlowerStorm, other than to note that the kits reflect a common ancestry at a minimum due to the similar contents of the kits deployed. The similar patterns of domain registration could be a reflection of FlowerStorm and Rockstar working in coordination, though it is also possible that these matching patterns were driven by market forces more than the platforms themselves," said Sophos.
