Full Report
A new Microsoft 365 phishing-as-a-service platform called "FlowerStorm" is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. [...]
Analysis Summary
The provided article description is extremely truncated and only contains headers, navigation links, and boilerplate text from the source website, BleepingComputer. It does *not* contain any substantive information describing a threat actor, their activities, TTPs, or targeting patterns.
Therefore, the analysis below reflects the lack of data present in the context provided.
# Threat Actor: Unknown (FlowerStorm Context)
## Attribution & Identity
Attribution and specific identity details are not available in the provided context snippet. The context mentions a new service named **FlowerStorm** which appears to be a phishing service targeting Microsoft accounts/credentials. It is noted as filling the void left by a previous entity, **Rockstar2FA**.
## Activity Summary
The only described activity is the emergence of the **FlowerStorm** service, which provides methods for conducting phishing attacks, specifically targeting Microsoft credentials, likely utilizing pre-built infrastructure to replace services like Rockstar2FA that have become defunct or inaccessible.
## Tactics, Techniques & Procedures
- Phishing (implied via description as a "phishing service").
- Credential harvesting targeting Microsoft 365/Outlook authentication pages (inferred from context).
- No specific MITRE ATT&CK IDs are mentioned.
## Targeting
- Sectors: Not explicitly detailed, but the focus on Microsoft credentials suggests **any organization using Microsoft 365/Azure AD services.**
- Geography: Unknown.
- Victims: Not specifically named.
## Tools & Infrastructure
- **Malware families used:** None explicitly mentioned. FlowerStorm appears to be a *phishing service/kit* rather than malware.
- **Infrastructure:** Details on C2, domains, or IPs are not present in the summary.
## Implications
The emergence of dedicated phishing-as-a-service tools like FlowerStorm lowers the barrier to entry for lower-skilled threat actors seeking to compromise corporate and personal Microsoft accounts, especially those relying on MFA bypass techniques traditionally facilitated by services like Rockstar2FA.
## Mitigations
- Monitor for phishing attempts leveraging Microsoft branding.
- Implement robust phishing awareness training focusing on credential harvesting related to M365 logins.
- Implement stronger authentication methods such as FIDO2/hardware keys, which are more resilient against typical phishing attacks.