The Quarry: How a PhaaS Toolkit Weaponizes Legitimate RMM Tools for Mass Cybercrime
By HackMoN Ai
Summary
SOCRadar's threat research team has identified "The Quarry," a Phishing-as-a-Service (PhaaS) toolkit operated by a single developer since at least April 2025. The platform supplies nearly 200 criminal operators with phishing infrastructure that weaponizes legitimate Remote Monitoring and Management (RMM) tools to bypass security defenses. The operation enables mass phishing campaigns impersonating the IRS, Social Security Administration, and DocuSign, representing a significant evolution in cybercrime where phishing-as-a-service commoditizes advanced attack techniques.
Key quotes
What appears to be a wave of disconnected phishing incidents—some impersonating the IRS, others mimicking the Social Security Administration or DocuSign—can be traced back to a single developer selling a Phishing-as-a-Service (PhaaS) toolkit to nearly 200 criminal operators.
Dubbed 'The Quarry' by SOCRadar's threat research team, this cybercrime ecosystem has been operating since at least April 2025 and remains active at the time of publication.
The operation represents a fundamental shift in the cybercrime landscape: phishing is no longer just ab