Microsoft Shuts Down ONNX Phishing Service, Seizes 240 Domains; Operator Identified as MRxC0DER
November 21, 2024

Phishing attacks, including those from ONNX, pose significant risks, targeting millions of users daily and resulting in substantial financial and data losses.
ONNX has been involved in adversary-in-the-middle (AitM) phishing, where attackers bypass protections like multi-factor authentication by intercepting user authentication.
This seizure represents a major disruption to ONNX's operations, which had been active for several years.
The seizure was supported by the Linux Foundation, which owns the ONNX trademark, highlighting a collaborative effort to dismantle malicious infrastructures.
Nady has been linked to the development and sale of multiple phishing kits since Microsoft's tracking began in 2017, including ONNX, Caffeine, and FUHRER.
Microsoft seized 240 domains linked to ONNX, a phishing-as-a-service platform that has been operational since 2017, significantly impacting Nady's operations.
These phishing kits enabled widespread attacks, allowing users to launch large-scale phishing campaigns to collect credentials from targets.
On November 21, 2024, Microsoft announced the disruption of the ONNX phishing service, identifying Abanoub Nady, also known as MRxC0DER, as the alleged operator.
A civil court order from the Eastern District of Virginia allowed Microsoft to redirect these malicious domains to itself, permanently disrupting ONNX's phishing activities.
ONNX marketed its phishing kits through Telegram, offering tiered subscription services priced between $150 and $550 per month.
Microsoft emphasized its commitment to protecting users and improving strategies against cybercrime, with this action sending a strong message to cybercriminals.
Recent tactics employed by ONNX included QR code phishing, known as 'quishing', primarily targeting employees in financial firms.
Summary based on 4 sources
Sources
BleepingComputer • Nov 21, 2024
Microsoft disrupts ONNX phishing-as-a-service infrastructure
Dark Reading • Nov 21, 2024
Microsoft Takes Action Against Phishing-as-a-Service Platform
SecurityWeek • Nov 22, 2024
Microsoft Disrupts ONNX Phishing Service, Names Its Operator