
Interpol Arrests Moroccan Hacker Engaged in Phishing Attacks

 

As part of a global phishing and credit card fraud scheme, law enforcement authorities with Interpol apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France. According to a report published on 6th July by cybersecurity firm Group-IB, the two-year investigation, called Operation Lyrebird by the international, intergovernmental group, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX.

According to the cybersecurity firm, Dr HeX has been "active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims." The cyber-attacks relied on a phishing kit made up of web pages that spoofed banking firms in the country, together with mass emails that imitated the targeted companies and asked users to enter login credentials on the rogue website.

The credentials submitted by unwitting victims on the phoney web page were then forwarded to the perpetrator's email address. At least three separate phishing kits were discovered, all of which were apparently created by the threat actor. The phishing kits were also "sold to other individuals through online forums to allow them to facilitate similar malicious campaigns against victims," Interpol said in a statement. "These were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services." 

The name Dr HeX and the individual's contact email address were included in the phishing kit scripts, which allowed the cybercriminal to be identified and deanonymized, revealing a YouTube channel as well as another name used by the adversary to register at least two fraudulent domains used in the attacks. Furthermore, Group-IB claimed it was able to link the email address to the accused's malicious infrastructure, which includes up to five email addresses, six nicknames, and accounts on Skype, Facebook, Instagram, and YouTube. 

Dr HeX's digital footprint left a tell-tale trail of malicious activity between 2009 and 2018, during which the threat actor defaced 134 web pages. The trail also includes posts the attacker made on various underground forums devoted to malware trading, and evidence suggesting his involvement in attacks on French corporations to steal financial information.

Interpol Seize $83 Million in Operation Against Online Financial Fraud

 

More than 500 suspects were arrested in the Interpol-coordinated Operation ‘HAECHI-I’, and $83 million belonging to victims of online financial crime was seized. Over 40 law enforcement officers across the Asia Pacific region took part in the operation and intercepted the $83 million before it could be transferred to the perpetrators' accounts.

Law enforcement agencies were specifically focused on five types of online financial crime: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.

A total of 585 individuals were arrested, and more than 1,600 bank accounts belonging to perpetrators of the cyber-enabled financial crime were frozen. The stolen funds were blocked from getting into the scammers' accounts following multiple joint operations and months of collecting intelligence on the attackers' operations.

More than 1,400 investigations were opened during HAECHI-I’s six-month operational phase targeting cybercrime in the Asia Pacific region (i.e., Cambodia, China, Indonesia, Korea, Laos, The Philippines, Singapore, Thailand, and Vietnam), with 892 cases having already been solved and the rest still being investigated. 

“Online fraudsters often attempt to exploit the borderless nature of the Internet by targeting victims in other countries or transferring their illicit funds abroad. The results of Operation HAECHI-I demonstrate that online financial crime is fundamentally global and that only through close international cooperation can we effectively combat these criminals,” said Ilana de Wild, Interpol's Director of Organized and Emerging Crime.

Last year, Interpol also advised victims of online financial scams to immediately take action to intercept stolen funds before their money reached the scammers' bank accounts. In January 2021, Interpol warned all 194 member states of fraudsters targeting dating app users and trying to trick them into investing through fake trading apps. 

“The key factors in intercepting illicit money transfers are speed and international cooperation. The faster victims notify law enforcement, the faster we can liaise with INTERPOL and law enforcement in the relevant countries to recover their funds and put these criminals behind bars,” Amur Chandra, Brigadier General of the Indonesian National Police and Secretary of Indonesia’s INTERPOL National Central Bureau, stated.

Joker's Stash, the Largest Carding Forum Shutting Down

 

Joker's Stash opened in 2014 and was perhaps the most well-known underground carding site, offering newly stolen credit card data and a guarantee of card validity. Its activity has been in decline since mid-2020. The normally active administrator, Joker's Stash, had several gaps in communication. Joker's Stash announced on January 15, 2021, that it would shut down in a month, with the stipulated date being February 15, 2021. The news was announced by the site's administrator through messages posted on different underground cybercrime forums where the site normally publicized its services.

Threat intelligence firm Intel 471 published a blog post documenting the website's end, noting that Joker's Stash's fall comes after an extremely turbulent close to 2020. In October, the individual who purportedly runs the site declared that he had contracted COVID-19 and spent seven days in the hospital. His condition affected the site's forums, inventory replenishment, and other operations. Intel 471 also found that the site's customers were complaining that the quality of the shop's payment card data was getting progressively worse.

The FBI and Interpol seized four domains operated by the marketplace. At the time, the site's administrators said the law enforcement crackdown had only a limited effect on the site, that the domains were used only as proxies to reroute clients from landing pages to the genuine marketplace, and that authorities did not seize any servers containing card or client information. Although the seizure did not have much direct effect, it mainly damaged the site's reputation and made clients feel that the once-untouchable Joker's Stash was now an open book for law enforcement agencies.

The Joker's Stash admin did not give further details about the decision to close down the site. They may have chosen to stop rather than be taken down by law enforcement agencies. Nonetheless, that does not imply that the site's administrator is now immune to prosecution. Prior to announcing its closure, Joker's Stash was viewed as perhaps one of the most profitable cybercrime operations today.

According to Christopher Thomas, Intelligence Production Analyst at Gemini Advisory, the shop is estimated to have made countless dollars in illicit profits, although this money also goes to the vendors themselves. Joker's Stash has been operating since October 7, 2014. Last year alone, the site posted more than 35 million CP (card present) records and in excess of 8 million CNP (card not present) records.

The site's administrator intends to wipe all servers and backups when they shut their operations next month.