Group-IB supports international police operation targeting 16shop, a popular phishing-as-a-service platform

Group-IB, a global cybersecurity leader headquartered in Singapore, has participated in an international operation involving INTERPOL and national law enforcement agencies in Indonesia, Japan and the United States targeting the notorious ‘phishing-as-a-service’ (PaaS) platform 16shop, on which phishing kits were sold. The phishing kits were designed to steal credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, Cash App, and others. As a result of the special operation coordinated by INTERPOL, 16shop was shut down and its 21-year-old operator and two suspected facilitators were arrested, one in Indonesia and one in Japan. Group-IB’s Cyber Investigation team in the Asia-Pacific region helped to track down the suspect and identify the victims.

The arrest marked the culmination of intensive intelligence sharing between the INTERPOL cybercrime directorate, national law enforcement in Indonesia, Japan, and the United States, and private sector partners including Group-IB.

Data collected by Group-IB indicate that more than 150,000 phishing domains were created using the phishing kits in question. The phishing kits sold on 16shop were used to target users in Germany, Japan, France, the USA, the UK, Thailand and other countries. A phishing kit is an archive file containing the set of scripts that make a phishing website work. This toolset enables cybercriminals with modest programming skills to deploy phishing pages quickly and in large numbers, often using them as substitutes for each other.

According to Group-IB, the phishing kits in question had been traded on the cybercriminal underground since at least November 2017. The phishing kits were sold at a relatively modest price of US $60-150 depending on the targeted brand. For example, fake pages mimicking Amazon were offered for $60, and phishing pages targeting American Express users for $150. The developers of the phishing kits localized the phishing pages in more than 8 languages. A victim would see relevant phishing content depending on their geolocation. This feature allowed the buyers of these phishing kits to target victims almost anywhere in the world. Group-IB’s Cyber Investigation unit supported the operation by analyzing the infrastructure used by the suspect and collecting their digital traces to ultimately establish their identity. Group-IB’s experts also helped to identify some victims in Indonesia.

The INTERPOL team compiled and dispatched a criminal intelligence report to the Indonesian National Police’s Directorate of Cyber Crimes, which allowed national law enforcement to apprehend a suspected 21-year-old administrator in 2022, seizing electronic items and several luxury vehicles in the process. Following the successful apprehension of the administrator, further information was shared between the National Police Agency of Japan and the Indonesian National Police resulting in the identification and arrest of two suspected facilitators.

“Cyberattacks such as phishing may be borderless and virtual in nature, but their impact on victims is real and devastating. In recent years, we have seen an unprecedented increase in both the number of cyber threats and their sophistication, with attacks becoming more tailored as criminals aim for maximum impact, and maximum profit.”

Bernardo Pillot

INTERPOL’s Assistant Director of Cybercrime Operations

“The campaign targeting 16shop is yet another operation that aligns closely with Group-IB’s mission of fighting cybercrime worldwide. This is a great example of cross-border collaboration and swift threat intelligence sharing – the only way forward to reduce the global impact of cybercrime. Group-IB’s Threat Intelligence platform allows us to spot phishing resources as they appear and continuously track phishing kits traded in the underground. And we will continue to leverage our technologies and a global threat-hunting network to make cyberspace safer.”

Dmitry Volkov

CEO at Group-IB

Group-IB has been an active partner in global anti-cybercrime actions led by INTERPOL since 2017, when it signed a data-sharing agreement with INTERPOL. The 16shop takedown marks the second INTERPOL operation involving Group-IB experts this summer. In July, Group-IB’s Cyber Investigation and Threat Intelligence units participated in Operation Nervone. Under the auspices of Operation Nervone, authorities in Côte d’Ivoire were able to arrest a key suspect linked to attacks against financial institutions across Africa carried out by a cybercriminal syndicate dubbed OPERA1ER by Group-IB.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.