The tech company claimed that it had seen numerous threat actors use the DEV-1101 tool to execute massive phishing campaigns (millions of phishing emails per day). This update will help to curb just that.
New adversary-in-the-middle (AiTM) open source phishing kit development and advertising have been linked to threat actor DEV-1101. The kit can automate the setup and launch of phishing activities and provide support for attackers, according to a report from the Microsoft Threat Intelligence team released on Monday.
“The threat actor group began offering their AiTM phishing kit in 2022, and since then has made several enhancements to their kit,” reads the Microsoft advisory.
They consist of evasion tools including the ability to skip CAPTCHA sites as well as the ability to administer campaigns from mobile devices. The DEV-1101 kit is said to be constructed in NodeJS with PHP reverse-proxy capabilities, automatic setup, and detection evasion through an antibot database, according to a blog post viewed by Microsoft on a cyber forum in May 2022.
It also includes pre-made phishing pages that impersonate services like Microsoft Office or Outlook, as well as phishing management activity via Telegram bots. Months later, DEV-1101 modified the kit once again to allow for the use of a Telegram bot in place of cPanel for server management.
“DEV-1101 was able to increase the price of their tool multiple times due to the rapid growth of their user base from July through December 2022,” Microsoft explained. “As of this writing, DEV-1101 offers their tool for $300, with VIP licenses at $1,000. Legacy users were permitted to continue purchasing licenses at $200 prior to January 1 2023.”
