Europol Closes Major Phishing Operation Targeting Mobile Phone Access

Law enforcement authorities have reported the dismantling of a significant phishing campaign aimed at mobile phone credentials.

The PhaaS platform, known as iServer, was used to target more than 483,000 individuals worldwide, with a major impact on countries like Chile (77,000), Colombia (70,000), and Spain (30,000).

In a public statement, Europol highlighted that the victims mostly consisted of Spanish-speaking citizens from various continents.

The operation, code-named Operation Kaerb, involved multiple agencies from countries such as Spain, Argentina, and Colombia.

Through a joint effort lasting from September 10 to 17, an individual from Argentina, responsible for operating the PhaaS service since 2018, was apprehended.

The operation resulted in a total of 17 apprehensions and 28 searches, leading to the confiscation of 921 items, including electronic devices, automobiles, and weapons. It is estimated that over 1.2 million mobile phones were successfully unlocked.

According to Group-IB, iServer was unique in its focus on extracting credentials to unlock stolen phones, setting it apart from other phishing platforms.

The company mentioned that iServer provided a web interface that allowed inexperienced criminals, known as “unlockers,” to access passwords and user credentials from cloud-based mobile platforms to circumvent security measures.

The network’s administrator connected unlockers who employed iServer not only to unlock stolen phones but also to market their services, particularly to phone thieves.

These unlockers were responsible for sending deceptive messages to victims of phone thefts, aiming to gather information that would grant access to the devices.

By following a series of redirections, victims were led to a page where they were tricked into entering their credentials, passcodes, and 2FA codes, which were then exploited to access the device.

Group-IB emphasized that iServer stood out due to its automated creation and delivery of imitation pages of renowned cloud-based mobile platforms, increasing its efficiency in carrying out cybercrimes.

Ghost Platform Taken Down Globally

Europol and the Australian Federal Police (AFP) recently announced the termination of an encrypted communication network known as Ghost (“www.ghostchat[.]net”), which was utilized for criminal activities on a large scale.

This platform came bundled with a customized Android device priced at approximately $1,590 for a half-year subscription and was used for various illegal purposes, including trafficking, money laundering, and violent acts.

Ghost is the most recent addition to a series of similar services like Phantom Secure, EncroChat, Sky ECC, and Exclu, which have been shut down due to their involvement in criminal operations.

According to Europol, Ghost provided three encryption standards and allowed users to send self-destructing messages, aiding criminal networks in communicating securely, evading detection, and coordinating illegal activities across borders.

Several thousand individuals are believed to have utilized the platform for conducting criminal activities on a global scale, with approximately 1,000 messages traded via the system daily prior to its interruption.

During the investigation that began in March 2022, 51 individuals have been apprehended: 38 in Australia, 11 in Ireland, one in Canada, and one in Italy affiliated with the Italian Sacra Corona Unita mafia syndicate.

Leading the group is a 32-year-old individual from Sydney, New South Wales, who has been accused of establishing and managing Ghost as part of Operation Kraken, alongside several others accused of utilizing the network for moving cocaine and cannabis, overseeing drug distribution, and fabricating a fictitious terrorism scheme.

It is suspected that the chief administrator, Jay Je Yoon Jung, commenced the illegal business venture nine years ago, yielding him millions of dollars in illicit gains. He was detained at his residence in Narwee. The operation also led to the dismantling of a narcotics lab in Australia, as well as the confiscation of weapons, drugs, and €1 million in cash.

The AFP stated that they infiltrated the network’s infrastructure to carry out a software supply chain attack, altering the software update process to access the data stored on 376 active devices located in Australia.

“The secure communication landscape has grown more diverse due to recent law enforcement actions aimed at networks used by criminal factions,” Europol remarked.

“In response, criminal elements are now resorting to a range of less-established or tailor-made communication tools that offer varying levels of confidentiality and anonymity. In this way, they pursue innovative technical solutions and also employ popular communication platforms to diversify their approaches.”

The law enforcement authority, while emphasizing the necessity for access to communications among suspects to combat severe offenses, urged private enterprises to ensure that their systems do not turn into safe zones for malicious individuals and provide avenues for legitimate data access “under judicial supervision and with full regard for fundamental rights.”

Germany Executes Shutdown on 47 Cryptocurrency Trading Platforms

The endeavors also coincide with Germany’s closure of 47 cryptocurrency trading services situated in the country that facilitated illegal money laundering operations for cybercriminals, including ransomware groups, darknet merchants, and botnet operators. The operation has been codenamed Final Exchange.

These services have been charged with failing to enforce Know Your Customer (KYC) or anti-money laundering programs and intentionally concealing the origin of criminally obtained funds, thereby enabling cybercrime to prosper. No arrests were officially announced.

“The Exchange services allowed barter transactions without undergoing a registration process and without verifying identity documents,” the Federal Criminal Police Office (aka Bundeskriminalamt) declared. “The offer aimed to exchange cryptocurrencies into other digital or digital currencies swiftly, easily, and anonymously to cover their lineage.”

U.S. DoJ Accuses Two in $230 Million Cryptocurrency Fraud Scheme

Concluding the law enforcement actions against cybercrime, the U.S. Department of Justice (DoJ) stated that two individuals have been apprehended and charged with a conspiracy to pilfer and launder over $230 million in cryptocurrency from an anonymous victim in Washington D.C.

Malone Lam, 20, and Jeandiel Serrano, 21, along with other partners in crime, are alleged to have executed cryptocurrency thefts at least since August 2024 by gaining entry to victims’ accounts, with the stolen funds subsequently laundered through diverse exchanges and mixing services.

The unlawfully acquired proceeds were utilized to finance a lavish lifestyle, including international travel, nightclubs, luxury vehicles, timepieces, jewelry, designer purses, and leased properties in Los Angeles and Miami.

“They laundered the earnings, including by routing the funds through multiple mixers and exchanges using ‘peel chains,’ pass-through wallets, and virtual private networks (VPNs) to mask their actual identities,” the DoJ explained.
