Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

The Hacker News by The Hacker News
December 24, 2024
Home Cybersecurity
Share on FacebookShare on Twitter


Dec 23, 2024Ravie LakshmananPhishing / Cybercrime

An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm.

“It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable,” Sophos said in a new report published last week. “This does not appear to be because of a takedown action, but due to some technical failure on the backend of the service.”

Rockstar2FA was first documented by Trustwave late last month as a PhaaS service that allows criminal actors to launch phishing attacks that are capable of harvesting Microsoft 365 account credentials and session cookies, thereby circumventing multi-factor authentication (MFA) protections.

Cybersecurity

The service is assessed to be an updated version of the DadSec phishing kit, which is tracked by Microsoft under the name Storm-1575. A majority of the phishing pages have been found to be hosted on .com, .de, .ru. and .moscow top-level domains, although the use of .ru domains is believed to have shrunk over time.

FlowerStorm Phishing-as-a-Service

Rockstar2FA appears to have suffered a technical interruption on November 11, 2024, when redirects to intermediate decoy pages generated Cloudflare time-out errors and the counterfeit login pages failed to load.

While it’s not clear what caused the disruption, the void left by the PhaaS toolkit has resulted in a surge in phishing activity associated with FlowerStorm, which has been active since at least June 2024.

FlowerStorm Phishing-as-a-Service

Sophos said that both the services share similarities when it comes to the format of the phishing portal pages and the methods used to connect to the backend servers for credential harvesting, raising the possibility of a common ancestry. They also abuse Cloudflare Turnstile in order to ensure that the incoming page requests are not from bots.

It’s suspected that the November 11 disruption represents either a strategic pivot in one of the groups, a change in personnel running them, or an intentional effort to decouple the twin operations. There is no definitive evidence linking the two services at this stage.

Cybersecurity

The most frequently targeted countries using FlowerStorm include the United States, Canada, the United Kingdom, Australia, Italy, Switzerland, Puerto Rico, Germany, Singapore, and India.

“The most heavily targeted sector is the service industry, with particular focus on firms providing engineering, construction, real estate, and legal services and consulting,” Sophos said.

If anything, the findings once again illustrate the ongoing trend of attackers using cybercriminal services and commodity tools to carry out cyber attacks at scale even without requiring much technical expertise.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

Recommended.

Winning the global race

Winning the global race

March 3, 2025
Iridium Begins Integration of NTN Direct with Deutsche Telekom

Iridium Begins Integration of NTN Direct with Deutsche Telekom

September 16, 2025

Trending.

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

October 6, 2025
Cloud Computing on the Rise: Market Projected to Reach .6 Trillion by 2030

Cloud Computing on the Rise: Market Projected to Reach $1.6 Trillion by 2030

August 1, 2025
Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

July 14, 2025
The Ultimate MSP Guide to Structuring and Selling vCISO Services

The Ultimate MSP Guide to Structuring and Selling vCISO Services

February 19, 2025
Translators’ Voices: China shares technological achievements with the world for mutual benefit

Translators’ Voices: China shares technological achievements with the world for mutual benefit

June 3, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio