Skip to main content

Takedown of International Criminal Network Behind Phishing Scheme

 

In a major victory for cybersecurity, law enforcement agencies have dismantled an international criminal network running a Phishing-as-a-Service (PhaaS) platform known as iServer, which targeted over 483,000 victims worldwide. The operation, codenamed Operation Kaerb, was a coordinated effort involving Spain, Argentina, Chile, Colombia, and Peru.

What Happened?

  • iServer’s Reach: The PhaaS platform exploited victims in multiple countries, with Chile (77,000), Colombia (70,000), and Ecuador (42,000) being the hardest hit.
  • Arrests and Seizures:
    • 17 arrests were made.
    • 28 searches conducted.
    • Over 921 items seized, including electronic devices, weapons, and mobile phones.
  • Mastermind Arrested: An Argentinian national, believed to have run iServer since 2018, was arrested as part of the takedown.

What is iServer? 

Unlike typical phishing operations, iServer focused on unlocking stolen or lost phones. It allowed criminals, known as "unlockers," to use a web-based interface to:

  • Harvest passwords, passcodes, and user credentials from victims.
  • Bypass Lost Mode and unlink devices from their rightful owners.
  • Unlock stolen phones and resell them on illegal markets.

The platform automated the creation of phishing pages mimicking cloud-based mobile platforms, making it easy for even low-skilled criminals to participate.

How the Phishing Worked 

Attackers used SMS phishing (smishing) tactics to trick victims:

  1. Fake Links: Victims received SMS messages with phishing links.
  2. Credential Harvesting: Clicking the link redirected them to a fake landing page where they were asked to input credentials, passcodes, and two-factor authentication (2FA) codes.
  3. Device Unlocking: The stolen credentials were used to gain full access to devices, unlink them, and bypass security features.

This method allowed iServer to unlock an estimated 1.2 million stolen phones globally.

Criminal Network Disrupted 

In addition to iServer, global efforts have led to the arrest of 51 suspects connected to similar cybercrime activities in Australia, Ireland, and Italy. This crackdown highlights law enforcement's focus on dismantling organised cybercriminal networks.

Why It Matters 

  • PhaaS Platforms on the Rise: Phishing-as-a-Service platforms like iServer are making cybercrime more accessible, empowering even less skilled criminals to carry out large-scale attacks.
  • Protect Yourself:
    • Be cautious of SMS messages with links, especially those claiming to be from trusted platforms.
    • Enable robust security features like multi-factor authentication (MFA).
    • Regularly monitor your accounts and devices for suspicious activity.

This case serves as a stark reminder of the evolving threat of phishing and highlights the importance of staying vigilant to protect devices and sensitive information. Stay secure, stay informed.

Comments

Post a Comment

Popular posts from this blog

FBI Creates Fake Cryptocurrency to Bust Crypto Market Scams

In an unprecedented sting operation, the FBI has taken down a massive cryptocurrency fraud network by launching its own fake crypto token, NexFundAI . This cleverly disguised operation, part of Operation Token Mirrors , exposed illegal trading schemes like wash trading and pump-and-dump scams —and scammers are paying the price. How It Worked   The FBI created NexFundAI , a fake cryptocurrency marketed as a revolutionary bridge between finance and artificial intelligence . Behind the scenes, however, it was a trap designed to attract scammers engaged in market manipulation . Wash Trading : Scammers used fake trades with their own tokens to inflate the token's price, luring unsuspecting investors into buying. Once prices peaked, the fraudsters sold off their tokens for profit, leaving regular investors with worthless assets. Who Got Caught?   The operation led to the arrest of 18 individuals and entities involved in market manipulation schemes. Among those charged were major ...
Post a Comment
Read more

Korea Criminals Nab a Bit of Coin: $308M Stolen by North Korean Hackers!

In a shocking revelation, Japanese and U.S. authorities have officially linked the $308 million cryptocurrency heist from DMM Bitcoin in May 2024 to North Korean cyber actors. These attackers, part of the TraderTraitor group (also known as Jade Sleet , UNC4899 , or Slow Pisces ), used sophisticated tactics to pull off this massive theft. Who’s Behind It?   TraderTraitor is notorious for: Social Engineering : Targeting multiple employees simultaneously to breach systems. Malware-Laced Apps : Disguising malicious tools as cryptocurrency-related software. Sophisticated Scams : Pretending to be recruiters or collaborators, even on platforms like GitHub . How They Did It   Targeting Employees In March 2024 , a Ginco employee (a Japanese crypto wallet company) was duped by a fake recruiter into running a malicious Python script , setting the stage for the attack. Compromising Systems With the script, attackers gained access to Ginco’s communication systems using session cookies...
Post a Comment
Read more

SPF 50 Won’t Even Protect You: Email Spoofing Surge Fuels Malspam Attacks!

Cybercriminals are ramping up email spoofing attacks , faking sender addresses to bypass security filters and trick victims into engaging with malicious content . While protocols like DKIM, DMARC, and SPF were designed to prevent spoofing, attackers are now exploiting neglected domains to slip past modern defenses. Old Tricks, New Domains   Hackers are leveraging abandoned or misconfigured domains to send fraudulent emails. These domains, unused for years, lack proper DNS records, allowing them to bypass email security systems undetected . Tactics in Play   Cybercriminals are using a mix of techniques to deceive users: Phishing with QR Codes : Fake tax-related emails (mainly in Mandarin) contain QR codes linking to phishing sites designed to steal IDs and card details . Brand Spoofs : Attackers impersonate trusted companies like Amazon, Mastercard, and SMBC , tricking users into entering credentials on fraudulent login pages. Extortion Scams : Fake emails claim hackers reco...
Post a Comment
Read more