A notorious Phishing-as-a-Service (PhaaS) network, known as BulletProftLink, has been seized by the Royal Malaysian Police in collaboration with the FBI and the Australian Federal Police.
The illicit platform had been operating since 2015 and managed to evade the cybersecurity community's notice until 2018. By then, it had gathered thousands of subscribers, including some paying hefty sums to access batches of stolen credentials.
BulletProftLink provided cybercriminals with over 300 phishing templates, making it easier for them to launch attacks.
The platform offered a range of services, including ready-made phishing kits, customization options, page hosting, reverse proxying, and credential-harvesting tools. These resources were crucial in enabling cybercriminals to execute sophisticated phishing attacks.
The joint operation involved several law enforcement agencies and culminated in the arrest of eight people on Nov. 6, including the alleged leader of the illicit marketplace.
Authorities also seized cryptocurrency wallets valued at about $213,000, along with jewelry, servers, vehicles, payment cards and computers. The confiscated servers are expected to provide vital insights into the operation and its users.
BulletProftLink's platform boasted vast resources, including fake login pages for well-known companies such as DHL, Microsoft, American Express, and the Royal Bank of Canada.
The operation cunningly hosted some of these pages on legitimate platforms like Microsoft Azure or Google Cloud to bypass email security tools.
Another significant asset was access to Evilginx2, a reverse-proxying tool that enables adversary-in-the-middle (AITM) phishing attacks, which can bypass multi-factor authentication (MFA) measures.