The group’s malicious campaigns are so sophisticated that, they used over 40 fake websites – all hosted on their own server. Further, they used online marketing and advertising services to promote their phishing sites in search results rankings.
A Sophisticated Phishing Gang
A phishing campaign is one of the common vectors of breaching someone’s online accounts. Many threat actors use this method to steal a target’s social media or a bank account, for stealing identity or money. And since many security software and tools are able to detect common phishing sites, threat actors are coming up with new ideas to bypass them. One among them is the usage of legitimate services like online advertising in search results. A cybercriminal gang based in Ukraine are arrested today by the police, who were said to be running a sophisticated phishing campaign. This includes using over 40 fake websites – all hosted on their in-house-made servers. With one of them (total 5) managing the servers, others are tasked with other operations.
These include three acting as money mules, laundering the stolen money through phishing campaigns. Overall, the gang’s said to have earned over 5 million hryvnias ($175,000) through all the campaigns. Police said the gang’s sophistication relied on using online advertising of their phishing sites, across web search results and social media platforms. This is logical, as advertising agencies don’t thoroughly check the clients showcasing their products through their network. Items like mobile phones, flash drives, bank cards, computers, and cash of 2 million hryvnias ($70,000) were seized in raided residences of the threat actors. This mob may now face charges on various cyber counts and be punishable through a prison time of upto eight years.