The ONNX Case and Rise Of Cybersecurity Supply Chain Attacks

Microsoft recently shut down 240 malicious websites tied to a phishing-as-a-service operation known as ONNX, run by Egyptian actor Abanoub Nady, also known as MRxC0DER. 

The takedown highlights a growing new threat: cybersecurity supply chain attacks, where attackers don’t directly target businesses, they target the services and tools used to attack them.

This incident should serve as a serious warning for companies worldwide: cybercrime is becoming more organized, and threat actors are now building “supply chains” to distribute attacks at scale.

What Happened with ONNX?

ONNX wasn’t just a hacker,  it was a service provider selling phishing kits and tools to cybercriminals, enabling both novice and advanced attackers to launch credential-stealing campaigns in minutes. This makes ONNX a central node in what’s known as the phishing supply chain, which is part of a broader trend in cybersecurity supply chain attacks.

Microsoft’s research reveals that ONNX provided:

• Ready-to-use phishing templates

• Infrastructure to host fake login pages

• Advanced features to bypass MFA and steal authenticated sessions

Cybercriminals simply paid a subscription to access these tools via platforms like Telegram, turning cyber attacks into a scalable business.

Cybersecurity Supply Chain Attacks: Why They’re Dangerous

Instead of hacking individual companies directly, attackers are increasingly relying on cybercrime supply chains, where tools, services, and infrastructure (like ONNX) are developed by one party and used by many. This model:

• Increases the impact and reach of attacks

• Reduces the skill needed to carry out phishing or ransomware campaigns

• Makes detection harder, since attackers constantly rotate their tools and domains

This new reality means businesses must now defend not just their own systems, but monitor and prepare for attacks stemming from third-party services used by criminals.

How Microsoft Shut Down the ONNX Operation

To stop ONNX, Microsoft:

• Obtained a U.S. court order allowing them to seize 240 phishing domains registered by the group.

• Worked with the Linux Foundation, since ONNX used the same name as a legitimate open-source AI project, potentially to appear more trustworthy.

• Redirected all traffic from the seized domains to Microsoft-controlled servers, effectively neutralizing the operation.

This decisive action strikes at the heart of the cybercrime supply chain, disrupting attackers before they can reach their targets.

What This Means for Businesses

The ONNX takedown is a clear example of cybersecurity supply chain attacks in action, and why businesses must rethink their defenses. Even if your systems are secure, attackers may still reach you indirectly through tools or services produced by criminal networks.

Here’s what you should do:

• Go beyond passwords and traditional MFA, as attackers now bypass them via AiTM (Adversary-in-the-Middle) techniques.

• Monitor your supply chain, including third-party tools, cloud services, and identity solutions.

• Educate your users about advanced phishing attempts, even those that seem legitimate.

• Collaborate with threat intelligence experts who track emerging attacks.

 

How Meta Techs Helps You Stay Ahead of Supply Chain Attacks

At Meta Techs, we understand the complexity of cybersecurity supply chain threats and help you defend against them with:

• Advanced Threat Detection & Response (MDR)

• Email & Endpoint Security Solutions

• Zero Trust & Identity Protection

• Threat Intelligence and Monitoring

• Incident Response and Recovery Planning

We enable your business to move from reactive defense to proactive readiness, even against evolving threats like phishing-as-a-service or ransomware supply chains.

Contact Meta Techs For Consultation

Final Thoughts

Microsoft’s takedown of the ONNX phishing supply chain is a win, but it’s just one battle in an ongoing war. Cybercriminals are modernizing their approach, building scalable service-based attacks that target your business indirectly.

To defend against them, you need strong defenses, smart partners, and continuous vigilance. Meta Techs is here to help you protect your security, reputation, and operations from the next wave of cybersecurity supply chain attacks.