- "기밀 VM의 빈틈을 메운다" 마이크로소프트의 오픈소스 파라바이저 '오픈HCL'란?
- The best early Black Friday AirPods deals: Shop early deals
- The 19 best Black Friday headphone deals 2024: Early sales live now
- I tested the iPad Mini 7 for a week, and its the ultraportable tablet to beat at $100 off
- The best Black Friday deals 2024: Early sales live now
DEV-1101 Updates Open Source Phishing Kit
The threat actor known as DEV-1101 has been spotted developing and advertising a new adversary-in-the-middle (AiTM) open source phishing kit.
The Microsoft Threat Intelligence team shared the findings in an advisory published on Monday, which explained that the kit can automate the setup and launch of phishing activity and provide support for attackers.
“The threat actor group began offering their AiTM phishing kit in 2022, and since then has made several enhancements to their kit,” reads the Microsoft advisory.
These include the capability to manage campaigns from mobile devices and evasion features like the bypass of CAPTCHA pages.
According to a blog post seen by Microsoft on a cyber forum in May 2022, the DEV-1101 kit is written in NodeJS with PHP reverse-proxy capabilities, automated setup and detection evasion through an antibot database.
It also features phishing management activity via Telegram bots, as well as several ready-made phishing pages impersonating services like Microsoft Office or Outlook.
Read more on Telegram bots here: Telegram Bot Abuse For Phishing Increased By 800% in 2022
“On June 12 2022, DEV-1101 announced that the kit would be open source with a $100 monthly licensing fee,” Microsoft wrote. “The actor also provided links to additional Telegram channels and a now-defunct GitHub page.”
Months later, DEV-1101 then upgraded the kit again to include the ability to manage servers through a Telegram bot instead of cPanel.
“DEV-1101 was able to increase the price of their tool multiple times due to the rapid growth of their user base from July through December 2022,” Microsoft explained. “As of this writing, DEV-1101 offers their tool for $300, with VIP licenses at $1,000. Legacy users were permitted to continue purchasing licenses at $200 prior to January 1 2023.”
The tech giant added that it observed several threat actors conducting large-scale phishing campaigns (millions of phishing emails per day) using the tool offered by DEV-1101.
Also in phishing-related news, cybersecurity researchers at Cyble recently warned of several new Windows and Android phishing campaigns relying on ChatGPT for malware distribution.