Tuesday, December 17, 2024
Authorities Took Down Massive Phishing-as-a-service Provider
A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities. 

BulletProftLink, a phishing-as-a-service (PhaaS) platform, had been operating for several years and had built a large customer base engaged in various forms of online fraud, posing a serious threat to both individuals and businesses.

International Cooperation in Action

The operation resulted in the arrest of eight suspects aged between 29 and 56, including a 36-year-old identified as a key figure in the operation.


The Royal Malaysian Police Inspector-General Tan Sri Razarudin Husain announced the success of the operation on Nov. 8, 2023.

He revealed the seizure of servers, computers, jewelry, vehicles, and cryptocurrency wallets holding around 1 million Malaysian ringgit (approximately US $213,000), according to the Intel 471 report.

On Nov. 8, 2023, the Royal Malaysian Police posted on TikTok a video of the press conference describing the policing operation that dismantled the phishing syndicate.

The Australian Federal Police and the U.S. FBI provided vital assistance in this significant takedown.

BulletProftLink was known for its durability and popularity, offering a range of services, including phishing kits, scam page templates, and automated solutions through single-payment or subscription models.


The service catered to a wide clientele involved in various fraudulent activities, highlighting the importance of initial access brokering in cybercrime.

The threat actor behind BulletProftLink, identified as AnthraxBP (also known as TheGreenMY and AnthraxLinkers), displayed notable lapses in operational security. 

Both AnthraxBP and the developers of BulletProftLink made mistakes that allowed cybersecurity professionals to uncover real-world identities, addresses, and even family details through publicly available information.

Operational security lapses extended to the BulletProftLink developers, who posted code related to the phishing operation on public platforms like GitHub. 

Disgruntled customers further compromised security by revealing Bitcoin addresses used for payments, exposing invoices, and even disclosing the age of one customer, who was just 15 years old.

BulletProftLink’s extensive impact is evident in its statistics, boasting over 8,138 active clients and 327 phishing page templates as of April 2023. 

The phishing templates covered a wide range of targets, impersonating brands and institutions such as Microsoft Office, DHL, Naver, American Express, Bank of America, Consumer Credit Union, and Royal Bank of Canada.

Evolving Tactics

The Intel 471 report also describes how BulletProftLink's tactics evolved, most notably through the integration of the Evilginx2 source code into its inventory.

Evilginx2 is a reverse proxy that sits between the victim and the genuine login page, relaying the real site's pages and forms. Because the victim authenticates against the legitimate service through the proxy, any one-time code or push approval they complete is consumed in real time, and the proxy captures the resulting session cookie along with the password. An attacker who replays that cookie is already past multifactor authentication, which is why adversary-in-the-middle (AiTM) kits present a heightened risk for enterprises that rely on OTP or push-based factors. Origin-bound, phishing-resistant methods such as FIDO2/WebAuthn security keys are not captured this way, since the credential is tied to the real site's origin and will not answer a challenge relayed from a lookalike domain.
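Because the victim's MFA is completed through the proxy, the stolen session itself is what defenders have to hunt for. The following is an added example for this article, not code from the page, from Intel 471, or from any product: a small detector that reads sign-in events and flags the two tell-tale steps of an AiTM phish, an MFA-backed login arriving from a network the user never uses (the proxy) and the same session later reused from yet another unfamiliar address or client (the attacker replaying the cookie). The log format, field names, and the per-user baseline of familiar networks are constructed assumptions.

```python
"""Flag sessions whose token appears to have been captured and replayed.

Added example; not code from the article, Intel 471, or any product.
The log format, field names and per-user baseline are assumptions
constructed for the demonstration.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed JSON-lines sign-in log. Session s1 models an AiTM phish:
# the MFA login arrives via the attacker's reverse proxy at 198.51.100.77,
# then the captured cookie is used from 198.51.100.200 by a scripted
# client. s2 and s3 are benign; s3 moves between two familiar networks.
SAMPLE_LOG = """
{"ts":"2023-11-08T09:00:01Z","event":"login","user":"alice","session":"s1","ip":"198.51.100.77","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/118","mfa":"completed"}
{"ts":"2023-11-08T09:04:12Z","event":"activity","user":"alice","session":"s1","ip":"198.51.100.200","ua":"python-requests/2.31"}
{"ts":"2023-11-08T10:00:00Z","event":"login","user":"bob","session":"s2","ip":"192.0.2.5","ua":"Mozilla/5.0 (Macintosh) Safari/17","mfa":"completed"}
{"ts":"2023-11-08T10:30:00Z","event":"activity","user":"bob","session":"s2","ip":"192.0.2.5","ua":"Mozilla/5.0 (Macintosh) Safari/17"}
{"ts":"2023-11-08T11:00:00Z","event":"login","user":"carol","session":"s3","ip":"203.0.113.40","ua":"Mozilla/5.0 (Android) Chrome/118","mfa":"completed"}
{"ts":"2023-11-08T11:20:00Z","event":"activity","user":"carol","session":"s3","ip":"203.0.113.90","ua":"Mozilla/5.0 (Android) Chrome/118"}
"""

# Constructed per-user baseline of networks seen in prior sign-ins.
# A real deployment derives this from weeks of history or the IdP's
# "familiar location" signal; here it is an assumption.
USER_BASELINE = {
    "alice": [ipaddress.ip_network("203.0.113.0/24")],
    "bob": [ipaddress.ip_network("192.0.2.0/24")],
    "carol": [ipaddress.ip_network("203.0.113.0/24")],
}


def parse_events(text):
    """Parse JSON lines into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def in_baseline(user, ip, baseline):
    """True if ip falls inside one of the user's familiar networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in baseline.get(user, []))


def analyse(events, baseline):
    """Return {session_id: [finding, ...]} for sessions worth triage.

    Three indicators, each mapped to a step of an AiTM attack:
    1. the MFA-backed login came from outside the user's familiar networks
       (the proxy, not the victim, is the client the real site sees);
    2. the same session is later used from a further unfamiliar IP
       (the attacker importing the captured cookie);
    3. the user-agent changes mid-session (cookie moved to another client).
    Moving between two familiar networks (session s3) is not flagged.
    """
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)

    findings = {}
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        notes = []
        login = next((e for e in evs if e["event"] == "login"), None)
        if login is None:
            user = evs[0]["user"]
            notes.append("activity with no observed login for this session")
        else:
            user = login["user"]
            if not in_baseline(user, login["ip"], baseline):
                notes.append(f"MFA login from unfamiliar IP {login['ip']}")

        login_ip = login["ip"] if login else None
        replay_ips = sorted(
            {e["ip"] for e in evs
             if e["event"] != "login"
             and e["ip"] != login_ip
             and not in_baseline(user, e["ip"], baseline)}
        )
        if replay_ips:
            notes.append(f"session reused from unfamiliar IP(s) {replay_ips}")

        if len({e["ua"] for e in evs}) > 1:
            notes.append("user-agent changed within the session")

        if notes:
            findings[sid] = notes
    return findings


if __name__ == "__main__":
    for sid, notes in analyse(parse_events(SAMPLE_LOG), USER_BASELINE).items():
        print(sid, "->", "; ".join(notes))
```

Run against the constructed log, only session s1 is reported, with all three indicators; bob's and carol's sessions are silent even though carol changed address, because both of her addresses sit in her baseline. In production the first indicator is the one to tune most carefully, since the login IP an AiTM proxy presents is often a hosting-provider range rather than a residential one, and enriching it with ASN data gives a cleaner signal than a bare per-user allowlist.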

The international response to BulletProftLink’s activities underscores the importance of coordinated law enforcement efforts in tackling cybercrime. 

This successful operation, led by the Royal Malaysian Police, marks a significant step in dismantling a major player in the cybercrime-as-a-service landscape, ultimately contributing to a safer online environment.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
