Cyber investigation

Group-IB has assisted the operation led by Interpol in conjunction with AFRIPOL, DITT, and Orange-CERT-CC. The investigation was aimed at disrupting the activity of a cybercriminal syndicate OPERA1ER accountable for over 30 attacks in Africa, South Asia, and Latin America. The estimated damage from the cybercrime group actions could reach $30 million.

With the help of Group-IB intelligence, a key member of a cybercriminal group was identified along with their potential location. As a result, this individual was subsequently detained in Abidjan, Côte d’Ivoire.

Group-IB has participated in an international operation involving INTERPOL and national law enforcement agencies in Indonesia, Japan and the United States targeting the notorious ‘phishing-as-a-service’ (PaaS) platform 16shop, on which phishing kits were sold. The phishing kits were designed to steal credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, Cash App, etc.

As a result of the special operation coordinated by INTERPOL, 16shop was shut down and its 21-year-old operator and two suspected facilitators were arrested, one in Indonesia and one in Japan. Group-IB’s Cyber Investigation team in the Asia-Pacific region helped to track down the suspect and identify the victims.

Preceded by operations Falcon and Falcon II, Delilah is the final point of the Interpol-coordinated investigation aimed at disrupting a transnational phishing syndicate that has compromised thousands of companies and individual victims in more than 150 countries. Group-IB had been tracking the syndicate since 2019 and provided intelligence that led to the identification of the alleged head of a gang.

The operation initiated by an intelligence referral from Group-IB resulted in the arrest of phishing syndicate’s head in Lagos.

Italian law enforcement agency Guardia di Finanza involved Group-IB high-tech crime investigations team in the probe into activities of an organization trading fake Green Passes via the Telegram messenger. Threat actors used this activity to fraudulently obtain personal data.Group-IB discovered and confirmed 35 Telegram channels offering fake documents and helped reveal suspected perpetrators’ identities.

Termination of the Telegram channels’ administrators’ activity led to the decrease in personal data thefts, which would prevent the use of this data to penetrate the infrastructure of companies.

Group-IB, Interpol and Indonesian Cyber Police joint investigation of the operators of JS-sniffers was deployed in five ASEAN countries. According to Group-IB’s data, the suspects infected hundreds of eCommerce websites across the globe. Payment and personal data of thousands of online shoppers from Asia, Europe, and the Americas had been stolen.

The arrest of the suspects in 2019 resulted in the number of JS-sniffers dropping and eCommerce brands’ reputational risks declined due to improved safety of their customers.

Group-IB has assisted the Dutch National Police in the operation to apprehend members of a cybercriminal group "Fraud Family". The group was selling phishing frameworks by the Fraud-as-a-Service model via Telegram network of channels with roughly 2,000 subscribers. Group-IB has identified the individuals behind the Dutch-speaking syndicate and shared their findings with the authorities.

Perpetrators' illegal business was shut down leading to the drop in number of online fraudsters, who were the clients of the group. Identification of several sophisticated phishing frameworks helped companies strengthen protection against them.

Group-IB assisted Interpol in its two-year investigation of activities of the suspect responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding. Among his victims are French telecommunication companies, the county’s major banks and multinational corporations. The Group-IB team conducted a research to identify and deanonymize the cybercriminal.

The arrest of the criminal involved in phishing and deface attacks as well as malware development data and carding resulted in a dropped likelihood of encountering these crimes in the EU region.