The FBI has revealed that 42,000 phishing domains were linked to the LabHost phishing-as-a-service (PhaaS) platform. This operation, which lasted from November 2021 to April 2024, targeted millions of victims worldwide before being disabled by law enforcement. LabHost, one of the largest PhaaS providers, allowed cybercriminals to impersonate over 200 legitimate organizations, including banks, streaming platforms, and government agencies. This service enabled a variety of phishing attacks, ranging from customized websites to smishing (SMS phishing) services designed to steal personal and financial data.
At its peak, LabHost had nearly 10,000 users who paid for access to a range of sophisticated tools, including infrastructure support and adversary-in-the-middle proxy connections.
Once victims submitted personal information to LabHost phishing sites, it was harvested and directly delivered to attackers. The platform’s infrastructure stored over a million credentials and nearly half a million compromised credit cards, leading to widespread financial theft, fraud, and money laundering. Investigators believe more than one million individuals across the globe may have fallen victim to these attacks.
The 42,000 domains uncovered by the FBI represent only a portion of the platform’s far-reaching impact.
The FBI obtained the list of phishing domains from LabHost’s backend servers during a coordinated law enforcement action. The agency issued a public FLASH alert to raise awareness among cybersecurity professionals, offering indicators of compromise (IOCs) to help defenders protect organizations. Authorities have advised that any historical connections to these domains should trigger investigations, as some of the domains may still pose a threat.
The FBI’s investigation into LabHost highlights the growing threat of commercialized cybercrime platforms. It also underscores the importance of collaboration with industry partners and the public in combating these threats. By reviewing network logs, blacklisting suspicious domains, and staying vigilant, organizations can better defend themselves against these evolving attacks. The FBI’s efforts demonstrate its commitment to disrupting criminal infrastructure and safeguarding digital spaces for individuals and organizations worldwide.
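The review of historical connections advised above can be done as a retro-hunt over DNS query logs. The following is an added example, not part of the FBI alert or the original article; the log format (timestamp, client IP, queried name), the function names and the two placeholder domains are assumptions, and the real domain list comes from the FLASH alert.

```python
from datetime import datetime

# Constructed placeholder IOCs; load the real list from the FBI FLASH alert.
IOC_DOMAINS = {"login-bank.example", "parcel-track.test"}

# Constructed DNS query log (assumed format): ISO timestamp, client IP, queried name.
SAMPLE_LOG = """\
2024-03-02T09:14:07Z 10.0.4.17 www.example.org.
2024-03-02T09:15:41Z 10.0.4.17 Secure.Login-Bank.example.
2024-03-09T18:02:13Z 10.0.7.88 parcel-track.test
2024-03-11T07:45:00Z 10.0.4.17 login-bank.example
2024-03-12T11:30:22Z 10.0.9.5 notlogin-bank.example
malformed line without fields
"""

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def matched_ioc(name, iocs):
    """Return the IOC that name equals or is a subdomain of, else None."""
    labels = normalize(name).split(".")
    # Compare whole-label suffixes so "notlogin-bank.example" does not match.
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((s for s in suffixes if s in iocs), None)

def retro_hunt(log_text, iocs):
    """Map (client, ioc) to first seen, last seen and hit count."""
    iocs = {normalize(d) for d in iocs}
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        ts_raw, client, qname = parts
        try:
            ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00"))
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        ioc = matched_ioc(qname, iocs)
        if ioc is None:
            continue
        rec = hits.setdefault((client, ioc), {"first": ts, "last": ts, "count": 0})
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["count"] += 1
    return hits

if __name__ == "__main__":
    for (client, ioc), rec in sorted(retro_hunt(SAMPLE_LOG, IOC_DOMAINS).items()):
        print(client, ioc, rec["first"].isoformat(), rec["last"].isoformat(), rec["count"])
```

Each (client, domain) pair in the output is a starting point for investigation: the first-seen and last-seen times bound the window in which credentials entered from that host should be treated as exposed.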