[lulagain]

INTERPOL and national law enforcement agencies in Indonesia, Japan and the United States targeting the notorious ‘phishing-as-a-service’ (PaaS) platform 16shop, on which phishing kits were sold. The phishing kits were designed to steal credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, Cash App, and others. As a result of the special operation coordinated by INTERPOL, 16shop was shut down and its 21-year-old operator and two suspected facilitators were arrested, one in Indonesia and one in Japan. Group-IB’s Cyber Investigation team in the Asia-Pacific region helped to track down the suspect and identify the victims.

The arrest marked the culmination of intensive intelligence sharing between the INTERPOL cybercrime directorate, national law enforcement in Indonesia, Japan, and the United States, and private sector partners including Group-IB.

Data collected by Group-IB indicate that more than 150,000 phishing domains were created using the phishing kits in question. The phishing kits sold on 16shop were utilized to target users in Germany, Japan, France, the USA, the UK, Thailand and other countries. Phishing kits represent archive files with a set of scripts that ensure the work of a phishing website. This toolset enables cybercriminals with modest programming skills to deploy phishing pages quickly and in large numbers, often using them as substitutes for each other.

According to Group-IB, the phishing kits in question had been traded on the cybercriminal underground since at least November 2017. The phishing kits were being sold at a relatively modest price of US $60-150 depending on the targeted brand. As such, fake pages mimicking Amazon were offered for $60, and phishing pages targeting the users of American Express – for $150. The developers of the phishing kits ensured the localization of phishing pages in more than 8 languages. A victim would see relevant phishing content depending on their geolocation. This feature allowed the buyers of these phishing kits to target victims almost anywhere in the world. Group-IB’s Cyber Investigation unit supported the operation by analyzing the infrastructure used by the suspect and collecting their digital traces to ultimately establish their identity. Group-IB’s experts also helped to identify some victims in Indonesia.

The INTERPOL team compiled and dispatched a criminal intelligence report to the Indonesian National Police’s Directorate of Cyber Crimes, which allowed national law enforcement to apprehend a suspected 21-year-old administrator in 2022, seizing electronic items and several luxury vehicles in the process. Following the successful apprehension of the administrator, further information was shared between the National Police Agency of Japan and the Indonesian National Police resulting in the identification and arrest of two suspected facilitators.