"W3LL Phishing Kit Hijacks Thousands of Microsoft 365 Accounts, Bypasses MFA"
A threat actor known as W3LL developed a phishing kit to circumvent multi-factor authentication (MFA) and other tools. Over 8,000 Microsoft 365 corporate accounts have been compromised by the phishing kit. In ten months, security researchers discovered that W3LL's utilities and infrastructure were used in 850 phishing attacks to steal the credentials of over 56,000 Microsoft 365 accounts. W3LL's custom phishing tools were used in Business Email Compromise (BEC) attacks, resulting in significant financial losses. According to researchers, W3LL's inventory encompasses nearly the entire kill chain of a BEC operation and can be operated by "cybercriminals of all technical skill levels." This article continues to discuss the W3LL phishing kit.