BulletProftLink PhaaS Platform That Provided More Than 300 Phishing Templates Shut Down By Police

Read also: Darkode admin gets an 18-month prison sentence, US authorities dismantle the IPStorm botnet, and more.


Thursday, November 16, 2023
Police shut down prolific Phishing-as-a-Service platform, mastermind arrested

The Royal Malaysian Police announced the takedown of BulletProftLink (aka BulletProofLink and Anthrax), a notorious phishing-as-a-service (PhaaS) platform that first emerged in 2015 and swiftly gained popularity among cybercriminals due to its wide range of services, including phishing kits, scam page templates and automated solutions for carrying out nefarious activities.

By 2023, the service boasted over 8,000 active clients and more than 300 phishing templates targeting multiple organizations such as Microsoft, Bank of America, American Express, DHL, Naver, and others.

BulletProftLink’s takedown was carried out in cooperation with the Australian Federal Police and the US Federal Bureau of Investigation (FBI). As part of the action, the Malaysian police arrested eight individuals across the country, including the alleged mastermind behind the BulletProftLink operation - a self-taught man in his forties.

Along with the arrests, the police confiscated a cryptocurrency wallet containing 965,808 Malaysian ringgit (~$205,000) worth of crypto assets, servers, electronic devices, payment cards, jewelry, and vehicles.

US authorities dismantled the IPStorm botnet that infected over 20,000 PCs worldwide

US authorities announced the takedown of IPStorm, a notorious botnet proxy service comprising over 23,000 infected computers worldwide. At present, there are no details regarding the shutdown; however, the US Department of Justice revealed that the alleged mastermind behind the IPStorm service has pled guilty in a US court.

The authorities said that Sergei Makinin, a Russian and Moldovan national, created and deployed malware to breach thousands of devices worldwide and make a profit by turning them into proxies.

Makinin sold access to these hacked devices to customers who wanted to hide their internet activities through a couple of websites, charging them hundreds of dollars a month for routing traffic through thousands of infected machines. Makinin admitted that he earned at least $550,000 through the IPStorm service.

He pled guilty on September 18, 2023, to charges related to illegal access and damage to protected computers. The man could face up to 30 years in prison if found guilty. Additionally, he agreed to forfeit cryptocurrency wallets linked to the illicit operation.

An admin of the largest English-speaking black cybermarket sentenced to 18 months in prison

An administrator of Darkode, once the largest English-language dark web market in the world, has received an 18-month prison sentence plus 36 months of supervised release.

Darkode was a prolific hacking forum that sold pre-packaged hacking kits, malware, zero-day exploits, stolen data, and spamming and botnet services. The platform was dismantled by international law enforcement authorities in 2015 in a major crackdown that saw over 70 Darkode members and associates arrested. The US authorities charged 12 individuals linked to the marketplace.

According to the authorities, the sentenced admin, Thomas Kennedy McCormick, aka “fubar,” developed and sold malware designed to steal personal and financial information, causing about $679,000 in financial losses.

McCormick was arrested in 2018 and was charged with multiple offenses, including racketeering conspiracy, aggravated identity theft, and conspiracy to commit bank, wire, and access device fraud, hacking, and extortion. He pled guilty in 2020.

Czechia and Ukraine bust multi-million euro voice phishing gang

Czech and Ukrainian law enforcement neutralized a large-scale cybercrime operation that stole tens of millions of euros from victims across Europe through vishing (voice or VoIP phishing) attacks. In Czechia alone, the phishers defrauded citizens of CZK 195 000 000 (around 8 million euros).

Vishing is a type of social engineering technique that uses voice and telephony technologies to trick victims into providing sensitive information to cybercriminals.

The phishing syndicate set up a number of call centers in Ukraine to carry out vishing attacks. The scammers used spoofed phone numbers and impersonated bank employees and law enforcement to gain victims’ trust and convince them to transfer money from their ostensibly compromised bank accounts to bank accounts belonging to the criminals.

As part of the police operation, six suspects were arrested in Ukraine, and four suspects in Czechia in April 2023. The police officers also confiscated mobile phones, SIM cards and computer equipment.

A Russian couple linked to Phobos ransomware charged in France

French authorities have charged a married couple from Saint Petersburg, Russia, suspected of involvement in the Phobos ransomware operation.

A man and a woman, both in their thirties, were charged last month with illegal access and manipulation of an automated data processing system, extortion, and aggravated money laundering. Both suspects were placed in pre-trial detention.

The couple was detained in Milan, Italy, in the summer of this year and extradited to France. The authorities said the suspects have been cooperating with Phobos since 2020 and successfully extracted at least 150 ransom payments from entities worldwide, including French authorities and businesses.

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.