Caffeine currently costs $250 a month, and it may be a pricier subscription model because of the unlimited customer service support options and the extensive anti-detection and anti-analysis features it offers. However, the lack of verification, combined with the considerable support, may indicate that this platform could see significant adoption rates. If completed correctly, the final lure for Caffeine phishing kits will appear as a Microsoft 365 login page. Pages like this one are the main mechanism to drive successful credential theft during campaign operations.
Mandiant researchers have made available a number of network IOCs associated with Caffeine infrastructure, although these may change quickly:
Organizations are advised to educate users about social engineering and phishing techniques, and to deploy technical and procedural controls such as email security solutions. In today’s threat environment, with sophisticated Malware-as-a-Service (MaaS) offerings, it is highly recommended to utilize a defense-in-depth cybersecurity strategy that focuses on the detection of post-compromise activities, such as the MDR, Threat Hunting, and SOC services offered by Binary Defense.