Group-IB supports international police operation targeting 16shop, a popular phishing-as-a-service platform

Group-IB, a global cybersecurity leader headquartered in Singapore, has participated in an international operation involving INTERPOL and national law enforcement agencies in Indonesia, Japan and the United States targeting the notorious ‘phishing-as-a-service’ (PaaS) platform 16shop, on which phishing kits were sold. The phishing kits were designed to steal credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, Cash App, and others. As a result of the special operation coordinated by INTERPOL, 16shop was shut down and its 21-year-old operator and two suspected facilitators were arrested, one in Indonesia and one in Japan. Group-IB’s Cyber Investigation team in the Asia-Pacific region helped to track down the suspect and identify the victims.

The arrest marked the culmination of intensive intelligence sharing between the INTERPOL cybercrime directorate, national law enforcement in Indonesia, Japan, and the United States, and private sector partners including Group-IB.

Data collected by Group-IB indicate that more than 150,000 phishing domains were created using the phishing kits in question. The phishing kits sold on 16shop were used to target users in Germany, Japan, France, the USA, the UK, Thailand and other countries. A phishing kit is an archive file containing the set of scripts needed to run a phishing website. This toolset enables cybercriminals with modest programming skills to deploy phishing pages quickly and in large numbers, often using them as substitutes for each other.

According to Group-IB, the phishing kits in question had been traded on the cybercriminal underground since at least November 2017. The phishing kits were sold at a relatively modest price of US $60-150, depending on the targeted brand. For example, fake pages mimicking Amazon were offered for $60, while phishing pages targeting American Express users were offered for $150. The developers of the phishing kits localized the phishing pages in more than 8 languages. A victim would see relevant phishing content depending on their geolocation. This feature allowed the buyers of these phishing kits to target victims almost anywhere in the world. Group-IB’s Cyber Investigation unit supported the operation by analyzing the infrastructure used by the suspect and collecting their digital traces to ultimately establish their identity. Group-IB’s experts also helped to identify some victims in Indonesia.

The INTERPOL team compiled and dispatched a criminal intelligence report to the Indonesian National Police’s Directorate of Cyber Crimes, which allowed national law enforcement to apprehend a suspected 21-year-old administrator in 2022, seizing electronic items and several luxury vehicles in the process. Following the successful apprehension of the administrator, further information was shared between the National Police Agency of Japan and the Indonesian National Police resulting in the identification and arrest of two suspected facilitators.

“Cyberattacks such as phishing may be borderless and virtual in nature, but their impact on victims is real and devastating. In recent years, we have seen an unprecedented increase in both the number of cyber threats and their sophistication, with attacks becoming more tailored as criminals aim for maximum impact, and maximum profit.”

Bernardo Pillot

INTERPOL’s Assistant Director of Cybercrime Operations

“The campaign targeting 16shop is yet another operation that aligns closely with Group-IB’s mission of fighting cybercrime worldwide. This is a great example of cross-border collaboration and swift threat intelligence sharing – the only way forward to reduce the global impact of cybercrime. Group-IB’s Threat Intelligence platform allows us to spot phishing resources as they appear and continuously track phishing kits traded in the underground. And we will continue to leverage our technologies and a global threat-hunting network to make cyberspace safer.”

Dmitry Volkov

CEO at Group-IB

Group-IB has been an active partner in global anti-cybercrime actions led by INTERPOL since 2017, when it signed a data-sharing agreement with INTERPOL. The 16shop takedown is the second INTERPOL operation involving Group-IB experts this summer. In July, Group-IB’s Cyber Investigation and Threat Intelligence units participated in Operation Nervone. Under the auspices of Operation Nervone, authorities in Côte d’Ivoire were able to arrest a key suspect linked to attacks against financial institutions across Africa carried out by a cybercriminal syndicate dubbed OPERA1ER by Group-IB.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses and citizens and to support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, the most complete Fraud Protection, AI-powered Digital Risk Protection, multi-layered protection with Managed Extended Detection and Response (XDR), all-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.