- 3,014
- 282
- 1,730
Dutch police reported the arrest of two members of the Fraud Family hack group (a 24-year-old man and a 15-year-old teenager), which rented out phishing kits of their own production. The group operated via Telegram and mainly targeted Dutch and Belgian criminals. The 24-year-old, undisclosed detainee is believed to have developed the phishing kits, while the teenager was responsible for selling access to the tools.
Group-IB Threat Intelligence specialists helped law enforcement officers to track the Fraud Family. Since 2020, the information security company has recorded large-scale phishing attacks on residents of the Netherlands and Belgium. The fake pages were disguised as the resources of large European banks - with their help, fraudsters tricked the data of bank cards. A typical attack started with a message in WhatsApp or SMS (supposedly from a bank) with a request to follow a link - as a result, the victim was directed to phishing resources.
After blocking the dangerous content, Group-IB specialists studied the cybercriminals' infrastructure in detail and contacted the Fraud Family criminal group operating according to the Fraud-as-a-Service scheme. To advertise their services, the attackers actively used Telegram: in total, about 2,000 people were subscribed to their channels.
In doing so, the group sold not only phishing kits, but also created a phishing-as-a-service platform, where hackers were asked to host phishing sites and a backend if the attackers themselves did not have the technical skills to maintaining their own infrastructure. The platform offered protection against bots to prevent cybersecurity researchers from accessing phishing sites for analysis, and also protected phishing resources from search robots and security scanners such as VirusTotal and URLScan. Prices for such hosting usually ranged from 200 to 250 euros per month.
“We identified the main team - Fraud Family, defined the roles of the participants, collected digital evidence and provided all the information to the police, which ultimately led to the arrest,” says Anton Ushakov, Deputy Head of the Group-IB High-Tech Crimes Investigation Department in Europe.
Interestingly, after the arrest of the suspects, the Dutch police informed all members of Fraud Family's Telegram channels about the incident in order to warn them against future attacks on Dutch facilities. This is not the first time that law enforcement officers from the Netherlands have warned criminals of the possible consequences. So, at the beginning of this year, law enforcement officers published warnings on popular Russian-speaking and English-language hack forums (RaidForums and XSS), stating that "the deployment of criminal infrastructure in the Netherlands is a hopeless business." @ xakep.ru
__________________
Group-IB Threat Intelligence specialists helped law enforcement officers to track the Fraud Family. Since 2020, the information security company has recorded large-scale phishing attacks on residents of the Netherlands and Belgium. The fake pages were disguised as the resources of large European banks - with their help, fraudsters tricked the data of bank cards. A typical attack started with a message in WhatsApp or SMS (supposedly from a bank) with a request to follow a link - as a result, the victim was directed to phishing resources.
After blocking the dangerous content, Group-IB specialists studied the cybercriminals' infrastructure in detail and contacted the Fraud Family criminal group operating according to the Fraud-as-a-Service scheme. To advertise their services, the attackers actively used Telegram: in total, about 2,000 people were subscribed to their channels.
In doing so, the group sold not only phishing kits, but also created a phishing-as-a-service platform, where hackers were asked to host phishing sites and a backend if the attackers themselves did not have the technical skills to maintaining their own infrastructure. The platform offered protection against bots to prevent cybersecurity researchers from accessing phishing sites for analysis, and also protected phishing resources from search robots and security scanners such as VirusTotal and URLScan. Prices for such hosting usually ranged from 200 to 250 euros per month.
“We identified the main team - Fraud Family, defined the roles of the participants, collected digital evidence and provided all the information to the police, which ultimately led to the arrest,” says Anton Ushakov, Deputy Head of the Group-IB High-Tech Crimes Investigation Department in Europe.
Interestingly, after the arrest of the suspects, the Dutch police informed all members of Fraud Family's Telegram channels about the incident in order to warn them against future attacks on Dutch facilities. This is not the first time that law enforcement officers from the Netherlands have warned criminals of the possible consequences. So, at the beginning of this year, law enforcement officers published warnings on popular Russian-speaking and English-language hack forums (RaidForums and XSS), stating that "the deployment of criminal infrastructure in the Netherlands is a hopeless business." @ xakep.ru
__________________