Microsoft killed 240 sites linked to Egyptian cybercriminals selling ONNX phishing kits

Meta has also shut down 2 million scam-related accounts

Key notes

  • Microsoft is cracking down on cybercrime, including AiTM phishing.
  • The company shut down 240 sites linked to cybercriminal Abanoub Nady selling phishing kits.
  • The kits, priced from $150 to $550, targeted the financial sector.

Microsoft has taken down at least 240 sites that are linked to Egyptian cybercriminal Abanoub Nady in what could be a massive crackdown on phishing scams.

The Redmond tech giant’s Digital Crimes Unit said that Nady developed and sold phishing kits under the fraudulent ONNX brand. These kits were widely used in phishing attacks, particularly targeting the financial sector, with devastating consequences for victims.

Nady’s operation was part of the “Phishing-as-a-Service” (PhaaS) industry, and the fraudulent ONNX brand was marketed through Telegram channels and social media platforms.

The phishing kits are sold in different tiers at different prices. The “Basic” plan costs $150 per month with limited features, while the “Professional” plan is $350 for three months, offering more advanced tools. The “Enterprise” plan is $550 for six months, providing lifetime support and additional features like an Office Email Checker.

“Our goal in all cases is to protect customers by severing bad actors from the infrastructure required to operate and to deter future cybercriminal behavior by significantly raising the barriers of entry and the cost of doing business,” Microsoft says, in collaboration with the Linux Foundation.

Microsoft warned us earlier this year about the rise of “adversary-in-the-middle” (AiTM) phishing attacks, which saw a 146% increase in 2024. These attacks are particularly damaging because they can bypass MFA (multi-factor authentication) protections and steal credentials and cookies.

In other news, Meta also pushed its crackdown on “pig-butchering” scams. The Facebook parent company has shut down over 2 million scam-related accounts, which exploit people with fake job offers, forcing them to work as online scammers.
