Email security

Caffeine PhaaS platform eases execution of phishing attacks

Threat actors could leverage the new Caffeine phishing-as-a-service platform to easily launch phishing attacks, with the service observed by Mandiant to have been used in a large-scale Microsoft 365 phishing attack against one of its clients, BleepingComputer reports. Aside from having a low barrier of entry due to its lack of invite, referral, or admin approval requirements, Caffeine also boasts numerous features and has templates aimed at Chinese and Russian platforms, unlike the Western services commonly used by most PhaaS platforms, according to Mandiant researchers. The report revealed that upon account creation, phishing operators immediately obtain access to Caffeine's primary dashboard wherein they could create their campaigns. Subscription license purchases are then required for the operators and while such payments are nearly three to five times as much as other PhaaS subscriptions, advanced features such as dynamic URL schema customization, first-stage campaign redirect pages and final lure pages, and IP blocklisting choices are being touted by the platform. Only a Microsoft 365 login page is offered as a phishing kit so far, while templates are limited to Microsoft 365 and other Chinese and Russian platforms but more are expected soon, researchers added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.