This suggests that cybercriminals who previously relied on Rockstar 2FA are now turning to FlowerStorm as an alternative.
Rockstar 2FA, a service criminals use to launch phishing attacks quickly, has become unavailable.
FlowerStorm, a competing PhaaS platform, is now seeing increased usage. This suggests that cybercriminals who previously relied on Rockstar 2FA are now turning to FlowerStorm as an alternative.
The phishing-as-a-service (PhaaS) toolkit Rockstar 2FA has suffered a significant downfall not due to law enforcement intervention but because of unresolved technical problems within the service itself. The service is no longer accessible to users.
Rockstar 2FA is a phishing-as-a-service platform that enables cybercriminals to execute phishing campaigns. The tool can steal Microsoft 365 account credentials and session cookies, bypassing multi-factor authentication (MFA) safeguards.
Rockstar 2FA likely builds on the DadSec phishing kit, evolving its features for greater efficiency. While it primarily relies on common top-level domains (.com, .de, .ru, and. moscow), the .ru domains have declined.
On 11 November 2024, technical issues disrupted Rockstar2FA. A phishing service is used to steal credentials via fake login pages and decoy redirects. These failures made the service nonfunctional, forcing cybercriminals to shift to an alternative PhaaS platform, FlowerStorm.
This transition resulted in a spike in phishing attacks linked to FlowerStorm, highlighting how disruption in primary cybercriminal tools can quickly reshape the cybercrime landscape.
According to Sophos, Rockstar2FA and FlowerStorm exhibit notable similarities, including the structure of their phishing portal pages and the techniques used to link with backend servers for credential collection. Both also exploit Cloudflare Turnstile to filter out bot traffic and focus on legitimate users.
FlowerStorm phishing attacks target countries such as the United States, Canada, the United Kingdom, Australia, Italy, Switzerland, Puerto Rico, Germany, Singapore, and India.
Engineering, construction, real estate, legal services, and consulting companies are the most affected sectors.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.