The Royal Malaysian Police, in collaboration with the FBI and the Australian Federal Police, successfully shut down the notorious BulletProofLink phishing-as-a-service (PhaaS) platform. The joint international operation led to the arrest of eight individuals, including the mastermind, who were apprehended in various locations, among them Kuala Lumpur, Sabah, Selangor, and Perak.
Authorities also seized approximately RM960,000 from an e-wallet, along with other valuables, during a simultaneous raid. The operation revealed the extensive phishing campaigns that BulletProofLink had orchestrated since 2015, offering affordable PhaaS and employing a “double theft” tactic to maximize profits.
Microsoft researchers initially discovered BulletProofLink’s large-scale PhaaS operation in September 2021, exposing its provision of phishing kits, email templates, hosting, and automated services for conducting phishing attacks. The platform was known for its accessibility, enabling threat actors to execute phishing campaigns without specific technical capabilities.
BulletProofLink’s operation, documented in October 2020, provided numerous phishing templates emulating popular brands, contributing to many phishing campaigns affecting enterprises. The cybercriminal group operated an online store advertising services costing up to $800 per month, with additional incentives like a 10% welcome discount for newsletter subscribers.
A distinctive aspect of BulletProofLink’s large-scale phishing campaign was the “double theft” tactic, in which credentials stolen by customers using the PhaaS service were also sent to a server controlled by the operators. This tactic allowed the operators to maintain control over all credentials, maximizing profits by selling victims’ credentials in the cybercrime underground.
Microsoft emphasized that such practices highlight the operators’ strategy to ensure stolen data, access, and credentials are used in various ways, ultimately contributing to the underground economy. The successful takedown underscores the ongoing challenges authorities face in combating sophisticated cybercrime operations.