Malicious activity involving the new FlowerStorm phishing-as-a-service platform aimed at Microsoft 365 credentials has escalated following a technical issue that prompted the "partial" infrastructure collapse of the Rockstar2FA PhaaS platform last month, according to BleepingComputer. Most FlowerStorm attacks have targeted the U.S., followed by Canada, the UK, Australia, and Italy, while services, manufacturing, retail, and financial services were the sectors most impacted by the intrusions, a report from Sophos revealed. Additional findings showed that both FlowerStorm and Rockstar2FA used phishing portals spoofing legitimate login pages, along with significantly similar HTML structures, credential harvesting approaches, and domain registration and hosting activity. "We cannot with high confidence link Rockstar2FA and FlowerStorm, other than to note that the kits reflect a common ancestry at a minimum due to the similar contents of the kits deployed. The similar patterns of domain registration could be a reflection of FlowerStorm and Rockstar working in coordination, though it is also possible that these matching patterns were driven by market forces more than the platforms themselves," said Sophos.
Novel FlowerStorm PhaaS gains traction after Rockstar2FA disruption