Phishing Platform Caffeine Targets Russian and Chinese Services

Written by Emma Davis

Mandiant has discovered a new Phishing-as-a-Service (PhaaS) platform called Caffeine. Interestingly, new clients do not need invitations or referrals to join, nor do they need administrator approval or a “guarantor” from a hacker forum.

In addition, Caffeine is aimed mainly at Russian and Chinese services, which is also very unusual.

This platform has an intuitive interface and a relatively low cost, and it provides its criminal clients with many features and tools to organize and automate the main elements of phishing campaigns, the researchers say in their report.

Let me remind you that we also wrote that Hackers Attack Russian Defense Contractor Through MHTML Bug, and also that New Phishing Campaign Targets Microsoft Office 365 Credentials.

Experts discovered Caffeine after investigating a large-scale phishing attack that targeted one of Mandiant’s customers to steal Microsoft 365 credentials.

Attack scheme

The report states that one of the main dangers of the Caffeine platform is its accessibility. No invites or referrals are needed to create an account, and immediately after creating one the criminal gets access to the “shop”, which contains tools for conducting phishing campaigns and a toolbar.


Only after that must the user pay for a subscription, which costs $250 per month, $450 for three months, or $850 for six months, depending on the features. Since this is quite expensive compared to other PhaaS services, Caffeine tries to offset the cost by offering anti-discovery and anti-analysis systems, as well as support services, to its customers.

Caffeine rates, according to the hacker forum ads

Among the main features offered by the platform are the ability to create custom phishing kits, manage redirect and bait pages, dynamically generate URLs hosting payloads, set up IP blacklists (geo-blocking, CIDR-based blocking, etc.) and track campaign statistics.

The report also highlights that the platform allows operators to use their own Python or PHP-based utility to send phishing emails to targets, further reducing the need for external tools.


Caffeine currently offers several options for phishing templates, including templates for Microsoft 365 and various lures for Chinese and Russian services. Mandiant believes that Caffeine operators will further expand this list in the future.

Phishing template by default for

Although Mandiant includes a guide for detecting Caffeine phishing emails with its report, analysts emphasize that the confrontation with PhaaS is a “cat and mouse game”: criminals are likely to adopt new evasion methods, after which the report can be considered outdated.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
