Wednesday, May 7, 2025

Authorities Took Down Massive Phishing-as-a-service Provider


A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities. 

BulletProftLink, a phishing-as-a-service (PhaaS) platform, had been operating for several years and had a large customer base that engaged in various forms of online fraud, posing a serious threat to both individuals and businesses.

International Cooperation in Action

The operation resulted in the arrest of eight suspects, aged between 29 and 56, including a 36-year-old key figure.


The Royal Malaysian Police Inspector-General Tan Sri Razarudin Husain announced the success of the operation on Nov. 8, 2023.

He revealed the seizure of servers, computers, jewelry, vehicles, and cryptocurrency wallets containing around 1 million Malaysian ringgit (approximately US $213,000), according to the Intel471 report.

On Nov. 8, 2023, the Royal Malaysian Police posted a video on TikTok of a press conference describing a policing operation that dismantled a phishing syndicate.

The Australian Federal Police and the U.S. FBI provided vital assistance in this significant takedown.

BulletProftLink was known for its durability and popularity, offering a range of services, including phishing kits, scam page templates, and automated solutions through single-payment or subscription models.


The service catered to a wide clientele involved in various fraudulent activities, highlighting the importance of initial access brokering in cybercrime.

The threat actor behind BulletProftLink, identified as AnthraxBP (also known as TheGreenMY and AnthraxLinkers), displayed notable lapses in operational security. 

Both AnthraxBP and the developers of BulletProftLink made mistakes that allowed cybersecurity professionals to uncover real-world identities, addresses, and even family details through publicly available information.

Operational security lapses extended to the BulletProftLink developers, who posted code related to the phishing operation on public platforms like GitHub. 

Disgruntled customers further compromised security by revealing Bitcoin addresses used for payments, exposing invoices, and even disclosing the age of one customer, who was just 15 years old.

BulletProftLink’s extensive impact is evident in its statistics, boasting over 8,138 active clients and 327 phishing page templates as of April 2023. 

The phishing templates covered a wide range, targeting organizations such as Microsoft Office, DHL, Naver, American Express, Bank of America, Consumer Credit Union, and Royal Bank of Canada.

Evolving Tactics

The article also reveals the evolving tactics of BulletProftLink, including the integration of the Evilginx2 source code into its inventory. 

This addition enabled the threat actors to conduct adversary-in-the-middle (AITM) phishing attacks, capturing not only login credentials but also session tokens, presenting a heightened risk for enterprises by bypassing multifactor authentication.
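To make the session-token risk concrete from the defender's side, here is an added detection sketch (not from the article or the Intel471 report): it binds each session to the IP and user agent that completed MFA and flags later use from a different context. The event field names and all sample records are constructed assumptions, not a real log schema.

```python
# Constructed sample events; field names ("session", "event", "ua") are
# hypothetical and the IPs are documentation ranges, not real indicators.
SAMPLE_EVENTS = [
    {"ts": 1000, "user": "alice", "session": "s-aaa", "event": "mfa_success",
     "ip": "198.51.100.10", "ua": "Firefox/126 Windows"},
    {"ts": 1060, "user": "alice", "session": "s-aaa", "event": "request",
     "ip": "198.51.100.10", "ua": "Firefox/126 Windows"},
    # Same token, new IP and new user agent: consistent with token replay.
    {"ts": 1300, "user": "alice", "session": "s-aaa", "event": "request",
     "ip": "203.0.113.77", "ua": "Chrome/125 Linux"},
    {"ts": 2000, "user": "bob", "session": "s-bbb", "event": "mfa_success",
     "ip": "192.0.2.5", "ua": "Safari/17 macOS"},
    # Only the IP changed (for example, network roaming): not flagged.
    {"ts": 2500, "user": "bob", "session": "s-bbb", "event": "request",
     "ip": "192.0.2.99", "ua": "Safari/17 macOS"},
    # Session with no MFA event in the log window: flagged for review.
    {"ts": 3000, "user": "carol", "session": "s-ccc", "event": "request",
     "ip": "203.0.113.77", "ua": "Chrome/125 Linux"},
]


def find_session_replay(events):
    """Return (ts, user, session, reason) for sessions used out of context."""
    bound = {}   # session id -> (ip, ua) observed when MFA succeeded
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid, ctx = ev["session"], (ev["ip"], ev["ua"])
        if ev["event"] == "mfa_success":
            bound.setdefault(sid, ctx)   # first MFA success defines the binding
            continue
        if sid not in bound:
            alerts.append((ev["ts"], ev["user"], sid, "no_mfa_on_record"))
        elif ctx[0] != bound[sid][0] and ctx[1] != bound[sid][1]:
            # Both IP and user agent differ from the context that passed MFA.
            alerts.append((ev["ts"], ev["user"], sid, "context_changed"))
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(SAMPLE_EVENTS):
        print(alert)
```

Requiring both the IP and the user agent to differ keeps ordinary network changes from alerting; the thresholds would need tuning against an organization's own traffic.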

The international response to BulletProftLink’s activities underscores the importance of coordinated law enforcement efforts in tackling cybercrime. 

This successful operation, led by the Royal Malaysian Police, is a significant step in dismantling a major player in the cybercrime-as-a-service landscape, ultimately contributing to a safer online environment.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
