Phishing as a Service Kit: A Threat with MFA Bypassing Capability, Primarily Targeting Microsoft Users

Researchers at Sucuri have identified a phishing-as-a-service platform named “Greatness” that orchestrates phishing assaults targeting Microsoft 365 accounts. This platform operates as a Phishing as a Service (PhaaS) platform, furnishing malicious actors with a suite of tools to execute phishing campaigns against Microsoft 365 accounts.

Utilizing the “Greatness” platform, bad actors gain access to a user-friendly interface enabling the creation of convincing phishing emails and attachments embedded with malware. Notably, the kit boasts features enabling attackers to bypass multi-factor authentication, thus exacerbating the threat landscape.

Sucuri’s findings underscore the concerning trend of phishing kits like “Greatness,” which democratize cybercrime by empowering even novice individuals to orchestrate sophisticated phishing attacks. This accessibility amplifies the risk of cybercrime proliferation and underscores the imperative of heightened vigilance against evolving threats.

Information used in this article was provided by our partners at KnowBe4.