FlagThis

A new Microsoft 365 phishing-as-a-service platform called ‘FlowerStorm’ has emerged, filling the gap left by the shutdown of the Rockstar2FA cybercrime service. FlowerStorm is a sophisticated service which allows threat actors to create and deploy phishing campaigns specifically targeting Microsoft 365 accounts. This activity shows a clear increase in targeted phishing campaigns aimed at Microsoft users, which could lead to account compromise, data breaches and other associated risks. The sophisticated platform allows threat actors to automate much of the phishing process, increasing their efficiency and reach. This demonstrates the ease with which cybercriminals can set up and deploy complex phishing schemes.

This cluster focuses on the emergence of a new phishing-as-a-service (PhaaS) platform called ‘Rockstar 2FA’. It facilitates large-scale adversary-in-the-middle (AiTM) attacks, primarily targeting Microsoft 365 credentials. This highlights the ongoing threat of credential theft and the increasing sophistication of phishing attacks, emphasizing the importance of robust multi-factor authentication (MFA) and security awareness training.