A phishing-as-a-service (PhaaS) operation, dubbed BulletProofLink and discovered by Microsoft, has been behind a number of phishing campaigns against the private sector.
Researchers at the tech giant uncovered the operation after finding a campaign that used more than 300,000 “newly created and unique subdomains” in a single run. The operation sells phishing kits, email templates, hosting and automated services—all at fairly low prices. Microsoft explained that some PhaaS groups offer everything needed for a campaign from soup to nuts—template creation, hosting and overall orchestration. That’s a lucrative business model for their “clientele.” Those service providers also offer a hosted scam page solution called fully undetected, or FUD, links. That’s their own marketing term meant to assure customers that the links are viable until users click them.
“With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today,” the Microsoft 365 Defender Threat Intelligence Team wrote in a blog post. “BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators.”
Microsoft researchers found that the operation promoted a phishing technique called “double theft,” in which a campaign can monetize in multiple ways since the miscreants send stolen credentials to both the phishing-as-a-service operator and their customers.
BulletProofLink, by its own account, has been around since 2018 and in that time has maintained a number of sites such as BulletProftLink, BulletProofLink and Anthrax. ..
Support the originator by clicking the read the rest link below.