New Caffeine PhaaS gives novice hackers an easy head start on attacks

October 12, 2022

A new phishing-as-a-service (PhaaS) platform, ‘Caffeine’, has appeared in the cyberthreat landscape. Its open registration process lets threat actors, especially beginners, launch phishing campaigns with an easier head start.

The Caffeine PhaaS differs markedly from other platforms in that it does not require beginners to have referrals or invites, or to get approval from an upper admin of a particular hacking group. The service also targets Russian and Chinese organisations, whereas most PhaaS platforms target Western countries.

Experts are concerned that the Caffeine PhaaS could attract more threat actors because of its “feature-rich” capabilities and low barrier to entry.

In one of the observed phishing campaigns that use the Caffeine PhaaS, researchers found that a group of threat actors had targeted the clients of the security solutions firm Mandiant to steal their Microsoft 365 account credentials.

Interested threat actors must first create a Caffeine account, which gives them immediate access to a store offering phishing campaign-creation instruments and a dashboard. This new PhaaS is offered through several subscription plans, including $250 per month, $450 for three months, and $850 for six months. The features of each plan differ according to its price.

Researchers state that the subscription prices for Caffeine are about 3 to 5 times higher than those of the typical PhaaS platforms they encounter. However, they noted that its authors added supplementary features that explain the price, such as anti-analysis and anti-detection systems, alongside an active customer support helpdesk.

The researchers also found that this new PhaaS offers advanced features, including mechanisms to customise dynamic URL schemas, first and last campaign redirect phishing pages, and IP blocklisting options.

The Caffeine platform’s phishing kit is currently limited to an MS 365 login page, although it offers many phishing template options. Several Chinese, Russian, and Western organisations are currently the prime targets of this PhaaS, although experts are certain that more will be included in the future.

Threat actors are becoming more aggressive in their attack tactics, including in how they evade security detection while victimising targets. Experts continue to advise users to be more vigilant about new tactics launched by hackers and to report them to the authorities when they occur.
