Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
Dec 23, 2024
Phishing / Cybercrime
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm . "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last week. "This does not appear to be because of a takedown action, but due to some technical failure on the backend of the service." Rockstar2FA was first documented by Trustwave late last month as a PhaaS service that allows criminal actors to launch phishing attacks that are capable of harvesting Microsoft 365 account credentials and session cookies, thereby circumventing multi-factor authentication (MFA) protections. The service is assessed to be an updated version of the DadSec phishing kit, which is tracked by Microsoft under the name Storm-1575. A majority of the ph...