Phishing-As-A-Service Easy Button For Hackers. Phishing As Service for Script Kiddies. Cybersecurity

Phishing-As-A-Service Easy Button For Hackers. Phishing As Service for Script Kiddies. Cybersecurity. Phishing-as-a-service operation uses double theft to boost profits. Microsoft says BulletProofLink, a large-scale phishing-as-a-service (PhaaS) operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately.

The threat actor behind BulletProofLink (also known as BulletProftLink and Anthrax) provides cybercriminals with various services, ranging from selling phish kits and email templates to providing hosting and automated services under a single payment or monthly subscription-based business model. "In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run," the Microsoft 365 Defender Threat Intelligence Team. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today."

The BulletProofLink threat actor was first spotted in October 2020 by OSINT Fans, who published a three-part series [1, 2, 3] exposing some of the inner workings of this PhaaS operation.

As they revealed, the Bulletproftlink ICQ group chat had 1,618 members last year, "all potential buyers of the stolen passwords and the Bulletproftlink phishing services."