Full Report
Haozi, a Chinese-language phishing-as-a-service (PhaaS) platform, puts ready-made phishing campaigns in the hands of customers with no technical skills. This report covers how the plug-and-play service facilitated over $280,000 in illicit transactions.
Analysis Summary
# Threat Actor: Haozi Phishing Service (PhaaS)
## Attribution & Identity
The entity is a Chinese-language Phishing-as-a-Service (PhaaS) platform: a commercial service that packages phishing campaigns so that its customers need no technical skills to run them.
## Activity Summary
Haozi has recently resurfaced, offering a "plug-and-play" framework for running phishing scams so that its customers can generate illicit profits. The service has facilitated over $280,000 in illicit transactions.
## Tactics, Techniques & Procedures
- Offering a phishing service platform (PhaaS).
- **Note:** Specific technical TTPs detailing payload delivery or post-exploitation methods are not detailed in the provided context, only the service facilitation aspect.
## Targeting
- Sectors: Not explicitly detailed. As a general-purpose phishing service, any sector that can be defrauded through phishing is a plausible target.
- Geography: Not explicitly detailed. The platform is **Chinese-language**, which indicates its operator and customer base; it does not by itself establish the language or location of the victims those customers choose to target.
- Victims: Individuals and organizations targeted by the service's customers for financial fraud.
## Tools & Infrastructure
- **Malware families used:** Not specified, but the service facilitates phishing attacks.
- **Infrastructure (C2, domains, IPs):** Not specified, referred to broadly as a "platform."
## Implications
Haozi lowers the barrier to entry for cybercrime, enabling novice actors without technical skills to run profitable phishing operations. Its resurfacing indicates a continued, accessible supply chain for financially motivated attacks and a likely increase in fraud volume.
## Mitigations
- User awareness training on phishing. A Chinese-language service platform does not imply Chinese-language lures, so train users on the languages and brands they actually receive mail in rather than assuming a regional pattern.
- Monitoring for generic phishing indicators (lookalike domains, credential-harvesting landing pages, mail from newly registered domains). This report includes no Haozi-specific templates, domains, or infrastructure, so detection must rely on general phishing telemetry rather than service-specific signatures.
- Phishing-resistant MFA (FIDO2/WebAuthn) and payment-process controls such as out-of-band verification of payment changes. The reported losses are illicit transactions, so transaction-side controls limit impact even when a lure succeeds.