As reported by Bleeping Computer, the service provides a way for cybercriminals to target individuals in order to gain access to their Microsoft 365 accounts.
Researchers from cybersecurity firm Mandiant released a report on Caffeine following its recent disclosure, and discovered the service after investigating a Caffeine-derived phishing campaign that saw threat actors focus on one of the company’s customers.
And unlike other platforms, anyone interested can access Caffeine without the need for invitations or referrals. Another common feature among these services is receiving approval from an admin of a Telegram group or hacking forum, however Caffeine does not need
to this examination process.
Although the majority of PhaaS platforms target western regions, caffeine phishing patterns in particular revolve around Russian and Chinese platforms.
After a hacker creates their account, they can access the Caffeine Store, a central place with tools for setting up phishing campaigns. Of course, the service is not offered for free, with a subscription license priced at $250 per month, while the higher options cost $450 (three months) and $850 (six months).
Once the phishing campaign is set up, the same phishing suite is launched – the Microsoft 365 login page – after which the phishing template must be selected. A Python or PHP-based email manager is another convenient tool that is also offered to distribute phishing emails to victims, according to Digital Trends.