Law enforcement agencies reported the elimination of an international criminal group that used the automated phishing platform iServer to unlock stolen and lost smartphones. In total, 483,000 people around the world suffered at the hands of attackers.
The operation, codenamed Kaerb, which involved law enforcement and judicial authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru, began back in 2022. It was then that Europol received information about the attackers from Group-IB specialists, which helped the authorities identify victims and criminals behind this phishing activity.
According to Group-IB, the iServer platform has existed since 2018 and has automated phishing attacks by creating malicious pages that mimic popular cloud mobile platforms.
iServer operators helped low-skilled attackers known as unlockers, who had stolen phones that needed to be unlocked. The unlockers used the platform to automate phishing attacks via emails, SMS, or voice calls to steal victims' credentials.
Through phishing, hackers collected all the data they needed to unlock stolen or lost phones (including device passwords, user credentials, and personal information) and bypass Lost Mode, which ultimately cut off devices from their former owners.
For example, iServer users could create a phishing page and send an SMS with a malicious link to the victim. The SMS looked like a message from Apple and promised the owner of the lost device detailed instructions on how to find it.
However, in reality, the link redirected the victim to a phishing page where the attackers collected the credentials needed to unlock the device.
In total, more than 2000 unlockers who provided phone unlocking services to other criminals were registered on iServer. The platform was used to attack the owners of 1.2 million phones around the world.
As a result of Operation Kaerb, 483,000 victims (mostly Spanish-speaking citizens from Europe, North and South America) were exposed to phishing while trying to regain access to their devices.
(Image: iServer workflow)
It is reported that from September 10 to 17, 2024, law enforcement agencies arrested 17 suspects in Argentina, Chile, Colombia, Ecuador, Peru and Spain, conducted 28 searches and seized a lot of evidence, including mobile phones, other electronic devices, luxury cars and weapons.
Among the detainees was the administrator of the phishing platform. He turned out to be an Argentine citizen who had been managing the service for more than five years.
• Source: https://www.europol.europa.eu/media...s-worldwide-busted-in-spain-and-latin-america
• Source: https://www.group-ib.com/media-center/press-releases/operation-kaerb/