W3LL phishing group is a new threat to MS 365 accounts

September 15, 2023

A surge of cyberattacks from the W3LL phishing group has made it the latest threat facing the cybersecurity industry. The group has evolved over the past six years, distributing different campaigns built on its phishing kit. Reports claimed that the group has compromised over 56,000 Microsoft 365 business email accounts.

Moreover, the group designed a new custom tool for bulk email spamming. It became a formidable threat by offering various cyber weapons on a private hacking forum called W3LL Store.

The latest success of the W3LL phishing group comes from their phishing kit.

The W3LL phishing group's efficient cybercriminal operations stem from its phishing kit, called the W3LL Panel. The panel is part of a package of 16 custom instruments that could execute Business Email Compromise (BEC) attacks.

The tools’ success lies in bypassing MFA protocols, which makes them a threat to different organisations. Additionally, the toolkit includes SMTP senders such as PunnySender and W3LL Sender, a malicious link stager called W3LL Redirect, a vulnerability scanner dubbed OKELO, an automated account discovery instrument named CONTOOL, and various reconnaissance tools for its operations. The W3LL threat group constantly updates its tools, upgrading their functionality and anti-detection mechanisms.

The sudden surge of W3LL’s activities should concern the cybersecurity industry and organisations. Over the past ten months, the group has earned an estimated profit of about $500,000.

Cybercriminals who buy these tools can use them in various campaigns, such as data theft, fake invoice scams, impersonation of account owners, and malware distribution via compromised accounts.

There are nearly 850 unique phishing websites linked to the W3LL Panel. This phishing kit and accompanying tools have targeted over 56,000 MS 365 accounts worldwide, with over 8,000 successfully compromised. These phishing campaigns have compromised numerous manufacturing, IT, financial services, consulting, healthcare, and legal organisations.

Organisations should stay informed about these threat actors’ changing Tactics, Techniques, and Procedures (TTPs) to mitigate or prevent such attacks, especially those from the surging W3LL phishing group and its W3LL Panel.
