Police dismantles cellphone unlocking ring linked to 483,000 victims

A joint regulation enforcement operation has dismantled a world legal community that used the iServer automated phishing-as-a-service platform to unlock the stolen or misplaced cellphones of 483,000 victims worldwide. 

The worldwide operation, codenamed “Operation Kaerb,” started in 2022 after Europol obtained data from cybersecurity agency Group-IB, which contributed to figuring out the victims and the criminals behind the phishing community.

In keeping with Group-IB’s findings, the iServer platform automated phishing assaults by creating malicious pages that mimicked fashionable cloud-based cellular platforms.

“Operation Kaerb” concerned regulation enforcement and judicial authorities from Spain, Argentina, Chile, Colombia, Ecuador, and Peru.

They found 483,000 victims globally, primarily Spanish-speaking people from Europe, North America, and South America, who had been phished whereas making an attempt to regain entry to their gadgets.

iServer's crimeware-as-a-service model
iServer’s crimeware-as-a-service mannequin (Group-IB)

Throughout a coordinated motion week from September 10 to 17, regulation enforcement authorities arrested 17 suspects throughout Argentina, Chile, Colombia, Ecuador, Peru, and Spain, carried out 28 searches, and seized 921 objects, together with cellphones, digital gadgets, automobiles, and weapons. 

The operation additionally led to the arrest of the phishing platform’s administrator, an Argentinian nationwide who had been working the service for 5 years.

Since 2018, the iServer phishing platform has been offering phishing-as-a-service to low-skilled criminals referred to as “unlockers,” who used it to steal credentials from victims by way of phishing emails, SMS, or voice calls.

In these phishing assaults, they harvested all the info wanted to unlock telephones (together with system passwords, consumer credentials, and private data), bypass “Lost Mode,” and illegally unlink gadgets from their house owners.

SMS message received by one iServer victim
SMS message obtained by one iServer sufferer (Group-IB)

“The criminal sold access to his website and charged extra costs for phishing, SMS, emails or call performing,” Europol stated. “Criminal users of the platform –or “unlockers”– provided phone unlocking services to other criminals in possession of stolen phones.”

Over 2,000 unlockers had been registered on the platform, and the investigation revealed that the legal community had focused over 1.2 million telephones globally, claiming roughly 483,000 victims in whole.

Europol’s European Cybercrime Centre (EC3) and the Specialised Cybercrime Centre of Ameripol coordinated the worldwide operation, marking the primary time the 2 organizations labored collectively on such a case.

Recent articles