Group-IB has discovered the W3LL Store black market, which deals in corporate cyberattacks.
The public has been made aware of a new report from the information security firm Group-IB. The study sheds light on the actions of threat actor W3LL, who has up until now operated in secrecy. Microsoft 365 corporate accounts are the main area of focus for W3LL.
The Group-IB team started keeping an eye on W3LL in 2017 and has since been keeping track of the group's activity. According to the report, W3LL was a major contributor to the compromise of corporate Microsoft 365 accounts. Over 56,000 of these accounts were attacked in the US, Australia, and Europe between October 2022 and July 2023.
Underground market W3LL Store
The development of W3LL's own underground market, the W3LL Store, is equally intriguing. The platform provides a large selection of cyberattack tools to the community of at least 500 hackers who engage in cybercrime. These include 16 other unique tools for conducting BEC (Business Email Compromise, or BEC) attacks and the W3LL Panel phishing kit, which can get around two-factor authentication (2FA).
The W3LL Store's potential 10-month turnover of $500,000, according to Group-IB estimates, highlights the effectiveness and success of the cybercriminal organization.
Victims of BEC attacks using W3LL tools
The Group-IB report also calls attention to security-related issues with Microsoft's procedures. The company is criticized by experts for its lack of accountability and transparency in cybersecurity issues.
Group-IB emphasized that the W3LL syndicate established an entire ecosystem for cybercrime, not just an underground market. All levels of cybercriminals can use the comprehensive set of tools provided by W3LL. The Group-IB report serves as a crucial cautionary note for business organizations and law enforcement organizations. The document emphasizes the requirement for stricter security controls, particularly with regard to corporate Microsoft 365 accounts.