Microsoft Seizes Domains Linked to ONNX Phishing Operation

Microsoft disrupts ONNX phishing-as-a-service infrastructure. The tech giant has seized 240 domains linked to ONNX, a prominent phishing platform that has targeted Microsoft 365 and other tech companies since 2017. According to Microsoft’s Digital Defense Report 2024, ONNX was the leading provider of phishing messages in the first half of 2024, utilizing subscription-based phishing kits sold on Telegram. These kits included advanced features to bypass two-factor authentication and employed QR code phishing tactics to deceive victims. The operation ceased in June after the identity of its owner was revealed, leading to a court order that redirected the malicious infrastructure to Microsoft, effectively halting its phishing activities. This action is part of Microsoft’s broader efforts to combat cybercrime and protect its customers.