International Cooperation Leads to Disruption of Notorious Phishing Service, BulletProftLink, and Arrest of Eight Suspects

By | November 13, 2023

A notorious phishing service that provided cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted in a joint operation involving authorities from Malaysia, Australia, and the United States. The phishing-as-a-service (PhaaS) platform, known as BulletProftLink, had been in operation for several years and had amassed a large customer base engaged in various forms of online fraud. This posed a significant threat to individuals and businesses alike.

The successful operation, announced by the Royal Malaysian Police Inspector-General Tan Sri Razarudin Husain on November 8, 2023, resulted in the arrest of eight suspects, ranging in age from 29 to 56. One of the key figures apprehended was 36 years old. In addition to the arrests, authorities seized servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately 1 million Malaysian ringgit (equivalent to around US $213,000), according to a report by Intel471.

The collaboration between the Royal Malaysian Police, the Australian Federal Police, and the U.S. FBI played a crucial role in dismantling BulletProftLink. The platform had gained notoriety for its durability and popularity, offering a range of services such as phishing kits, scam page templates, and automated solutions through single-payment or subscription models.

The international cooperation demonstrated in this operation highlights the importance of coordinated efforts in combating cybercrime. BulletProftLink’s extensive reach and impact were evident in its statistics, boasting over 8,138 active clients and 327 phishing page templates as of April 2023. These phishing templates targeted a range of organizations including Microsoft Office, DHL, Naver, American Express, Bank of America, Consumer Credit Union, and Royal Bank of Canada.

The article also reveals the evolving tactics employed by BulletProftLink. The platform integrated the Evilginx2 source code into its inventory, enabling threat actors to conduct adversary-in-the-middle (AITM) phishing attacks. This technique captured not only login credentials but also session tokens, bypassing multifactor authentication and presenting a heightened risk for enterprises.
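Because an AITM proxy relays a session token that has already passed multifactor authentication, one defensive check is to flag any session later used outside the client context in which MFA succeeded. The following is an added example, not code from the article or from any party it names; the event fields, log lines, and severity labels are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime

# Assumed (hypothetical) log schema: one record per MFA success or authenticated request.
Event = namedtuple("Event", "ts user session ip ua kind")

# Constructed sample log; addresses come from documentation ranges, not real data.
LOG = [
    Event("2023-04-03T09:00:05", "alice", "s-1001", "203.0.113.10", "Chrome/112 Windows", "mfa_ok"),
    Event("2023-04-03T09:01:10", "alice", "s-1001", "203.0.113.10", "Chrome/112 Windows", "request"),
    Event("2023-04-03T09:04:42", "alice", "s-1001", "198.51.100.77", "Firefox/102 Linux", "request"),
    Event("2023-04-03T10:15:00", "bob", "s-2002", "192.0.2.20", "Safari/16 macOS", "mfa_ok"),
    Event("2023-04-03T10:40:00", "bob", "s-2002", "192.0.2.45", "Safari/16 macOS", "request"),
    Event("2023-04-03T11:00:00", "carol", "s-3003", "192.0.2.99", "Edge/112 Windows", "request"),
]


def find_session_replay(events):
    """Return (session, user, severity, ip) for sessions used outside their MFA context."""
    issued = {}    # session id -> (ip, user agent) observed when MFA succeeded
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e.ts)):
        if ev.kind == "mfa_ok":
            issued[ev.session] = (ev.ip, ev.ua)
            continue
        if ev.session not in issued:
            # Token in use with no recorded MFA event: a logging gap or an imported token.
            findings.append((ev.session, ev.user, "unknown-session", ev.ip))
            continue
        ip0, ua0 = issued[ev.session]
        ip_changed, ua_changed = ev.ip != ip0, ev.ua != ua0
        if ip_changed and ua_changed:
            # Different network and different client: consistent with token replay.
            findings.append((ev.session, ev.user, "high", ev.ip))
        elif ip_changed or ua_changed:
            # A single change is common (roaming, browser update): low confidence.
            findings.append((ev.session, ev.user, "low", ev.ip))
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(LOG):
        print(finding)
```

A check like this only surfaces candidates for review; binding tokens to the device or using phishing-resistant authenticators addresses the underlying weakness.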

The operational security lapses of both the threat actor behind BulletProftLink, identified as AnthraxBP (also known as TheGreenMY and AnthraxLinkers), and the platform’s developers played a significant role in their downfall. Cybersecurity professionals were able to uncover real-world identities, addresses, and even family details through publicly available information. Furthermore, the BulletProftLink developers made the mistake of posting code related to the phishing operation on public platforms like GitHub. Disgruntled customers also compromised security by revealing Bitcoin addresses used for payments, exposing invoices, and even disclosing the age of one customer, who was only 15 years old.

The joint effort to dismantle BulletProftLink marks a major step in combating cybercrime-as-a-service operations. It underscores the significance of international cooperation and coordinated law enforcement efforts in creating a safer online environment. By disrupting this notorious phishing service, authorities have dealt a blow to cybercriminals and contributed to the protection of individuals and businesses from online fraud.
