BulletProftLink PhaaS Platform That Provided More Than 300 Phishing Templates Shut Down By Police
Read also: Darkode admin gets an 18-month prison sentence, US authorities dismantle the IPStorm botnet, and more.
Thursday, November 16, 2023
Police shut down prolific Phishing-as-a-Service platform, mastermind arrested
The Royal Malaysian Police announced the takedown of BulletProftLink (aka BulletProofLink and Anthrax), a notorious phishing-as-a-service (PhaaS) platform that first emerged in 2015 and swiftly gained popularity among cybercriminals due to its wide range of services, including phishing kits, scam page templates and automated solutions allowing to carry out nefarious activities.
By 2023, the service boasted over 8,000 active clients and more than 300 phishing templates targeting multiple organizations such as Microsoft, Bank of America, American Express, DHL, Naver, and others.
BulletProftLink’s takedown was carried out in cooperation with the Australian Federal Police and the US Federal Bureau of Investigation (FBI). As part of the action, the Malaysian police arrested eight individuals across the country, including the alleged mastermind behind the BulletProftLink operation - a self-taught man in his forties.
Along with the arrests, the police confiscated a cryptocurrency wallet containing 965,808 Malaysian ringgit (~$205,000) worth of crypto assets, servers, electronic devices, payment cards, jewelry, and vehicles.
Request your free demo now and talk to our experts.
US authorities dismantled the IPStorm botnet that infected over 20,000 PCs worldwide
US authorities announced the takedown of IPStorm, a notorious botnet proxy service comprising over 23,000 infected computers worldwide. At present, there are no details regarding the shutdown, however, the US Department of Justice revealed that the alleged mastermind behind the IPStorm service has pled guilty in a US court.
The authorities said that Sergei Makinin, a Russian and Moldovan national, created and deployed malware to breach thousands of devices worldwide and make a profit by turning them into proxies.
Makinin sold access to these hacked devices to customers who wanted to hide their internet activities through a couple of websites, charging them hundreds of dollars a month for routing traffic through thousands of infected machines. Makinin admitted that he earned at least $550,000 through the IPStorm service.
He pled guilty on September 18, 2023, to charges related to illegal access and damage to protected computers. The man could face up to 30 years in prison if found guilty. Additionally, he agreed to forfeit cryptocurrency wallets linked to the illicit operation.
An admin of the largest English-speaking black cybermarket sentenced to 18 months in prison
An administrator of the once-largest English-language dark web market in the world Darkode has received an 18-month prison sentence plus 36 months of supervised release.
Darkode was a prolific hacking forum that sold pre-packaged hacking kits, malware, zero-day exploits, stolen data, spamming and botnet services. The platform was dismantled by international law authorities in 2015 in a major crackdown that saw over 70 Darkode members and associates arrested. The US authorities charged 12 individuals linked to the marketplace.
According to the authorities, the sentenced admin, Thomas Kennedy McCormick, aka “fubar,” developed and sold malware designed to steal personal and financial information, causing about $679,000 in financial losses.
McCormick was arrested in 2018 and was charged with multiple offenses, including racketeering conspiracy, aggravated identity theft, and conspiracy to commit bank, wire, and access device fraud, hacking, and extortion. He pled guilty in 2020.
Czechia and Ukraine bust multi-million euro voice phishing gang
The Czech and Ukrainian law enforcement neutralized a large-scale cybercrime operation that stole tens of millions of euros from victims across Europe through vishing (voice or VoIP phishing) attacks. In Czechia alone, the phishers defrauded citizens of CZK 195 000 000 (around 8 million euros).
Vishing is a type of social engineering technique that uses voice and telephony technologies to trick victims into providing sensitive information to cybercriminals.
The phishing syndicate set up a number of call centers in Ukraine to carry out vishing attacks. The scammers used spoofed phone numbers and impersonated bank employees and law enforcement to gain victims’ trust and convince them to transfer money from their ostensibly compromised bank accounts to bank accounts belonging to the criminals.
As part of the police operation, six suspects were arrested in Ukraine, and four suspects in Czechia in April 2023. The police officers also confiscated mobile phones, SIM cards and computer equipment.
A Russian couple linked to Phobos ransomware charged in France
French authorities have charged a married couple from Saint Petersburg, Russia, suspected of their involvement in the Phobos ransomware operation.
A man and a woman, both in their thirties, were charged last month with illegal access and manipulation of an automated data processing system, extortion, and aggravated money laundering. Both suspects were placed in pre-trial detention.
The couple was detained in Milan, Italy, in the summer of this year and extradited to France. The authorities said the suspects have been cooperating with Phobos since 2020 and successfully extracted at least 150 ransom payments from entities worldwide, including French authorities and businesses.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
