Newscast

FlowerStorm targets Microsoft 365

By Nik

December 23, 2024

A new cybercrime tool, FlowerStorm, has surfaced, giving malicious actors an efficient way to compromise Microsoft 365 accounts. This Phishing-as-a-Service (PaaS) platform is believed to have connections to Rockstar2FA, a now-defunct service that abruptly vanished in November. While the reasons behind Rockstar2FA’s disappearance remain a mystery, experts suspect it wasn’t due to any law enforcement action.

Rockstar2FA was notorious for its ability to sidestep two-factor authentication (2FA), allowing attackers to hijack sessions by stealing cookies during login attempts. Its streamlined interface and integration with messaging apps like Telegram made it accessible even to less technically skilled criminals.

In the aftermath of Rockstar2FA going offline, FlowerStorm emerged, featuring many of the same tools and functionalities. This has led cybersecurity researchers to theorize that it might be a successor or revamped version of the previous service. Since its debut, FlowerStorm has been used predominantly against organizations in North America and Europe. A significant portion of its activity has targeted companies in the United States, with Canada, the United Kingdom, and Australia also seeing considerable impact.

The emergence of FlowerStorm highlights the rapid evolution of cybercrime, where tools and services are quickly replaced or rebranded to maintain operations. As these threats become more sophisticated, businesses must remain proactive in defending against such attacks.