Large-Scale Phishing-as-a-Service Operation Exposed
Microsoft has uncovered a new large-scale phishing campaign that is targeting companies with custom campaigns and sophisticated phishing techniques. The phishing-as-a-service operation is marketed by cybercriminals as BulletProofLink. Researchers allegedly found the operation by detecting a high volume of newly created subdomains. Microsoft posted a statement via the 365 Defender Threat Intelligence team highlighting how more than 300,000 newly created subdomains were discovered by researchers and linked to the operation.
Microsoft explained that phishing is often the first attempt at a cyberattack that aims to lure victims through creating convincing emails that ask recipients to click on malicious links. The links, once clicked, create an entry point into networks and serve as a gateway for ransomware gangs and cybercriminals to deploy ransomware and other malicious tools. The group discovered by Microsoft, known as BulletProftLink has been in operation since at least 2018 and has several sites under different aliases. The group tends to leverage popular services such as YouTube and Vimeo to lure victims into clicking malicious links, according to researchers.