Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

Tools from Cybercrime SoftwareA new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.

Normally when we talk about a Cybercrime-as-a-Service malware, toolset, or platform being behind a string of attacks, we rarely know anything more than the malicious tools that were used. But new information from cybersecurity vendor Group-IB about cybercrime innovator W3LL provides some key insights that may shed light on how other groups are operating.

Group-IB’s report W3LL Done: Uncovering Hidden Phishing Ecosystem Driving BEC Attacks provides details about W3LL’s phishing tool ecosystem, private club of threat actors, customizable tools, and where W3LL partners have carried out attacks are all spelled out. The findings on this report provides insight into how these cybercrime businesses function.

According to Group-IB, W3LL has created malicious tools since 2017.  Today, W3LL has over 500 active customers and uses both reseller and referral programs to entice continued growth through word of mouth.

Ever since W3LL created a phishing kit specifically to target Microsoft 365 accounts, Group-IB has attributed them as being a major contributor to attacks on Microsoft 365. They are now offering over 12,000 items on their “W3LL Store” to the dark web.

And while the cumulative 56,000 compromised Microsoft 365 accounts are the sum total of attacks by a disparate set of threat actors and criminal groups, it’s the common use of W3LL’s toolsets that have empowered these malicious campaigns to succeed.

As your organization looks to improve its cybersecurity stance, consider that “vendors” like W3LL will only multiply and continue to improve their products. This makes it more difficult for users to identify a malicious email from a legitimate one – something that demands the continual use of security awareness training to counteract.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews