China-Based Cybercrime Network Dismantled

June 13, 2026 08:03 · 12 min read

Operation Ghost Hook: Takedown of a Massive Cybercrime Network

The FBI, in collaboration with Google and Lumen Technologies, has dismantled a major cybercrime network based in China that was responsible for an estimated $1.9 billion in losses, according to officials. The network, known as Outsider, had provided phishing kits and hosted infrastructure for cybercriminals since July 2023, facilitating a wave of phishing attacks against people and businesses in 55 countries, including the United States.

The jointly coordinated effort, dubbed Operation Ghost Hook, resulted in the seizure of several domains tied to the group's core admin servers, a Shopify storefront, roughly $100,000 from Outsider payment wallets, and thousands of domains registered through U.S.-based providers. The FBI also used an Outsider Telegram bot to access information on the cybercrime network's customers.

The Scope of the Operation

According to the FBI, the criminals behind Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims. Authorities traced Outsider's phishing domains to nearly 3.9 million stolen credit cards. Google, one of the vendors impersonated by the phishing kits, described Outsider as a massive AI-powered operation.

Outsider sold its phishing kit, which allowed cybercriminals to create fake sites and phishing campaigns to steal credit cards, bank account credentials, and personal data, as a subscription costing as little as $88 per week. The China-based group behind the operation encouraged customers to use Gemini and other AI platforms, and gave them step-by-step instructions for doing so, to generate custom code for phishing lures and matching sites themed around fake missed packages, overdue highway tolls, parking violations, issues with a brokerage account, or wireless carrier rewards.

Techniques Used by Outsider

The Outsider software allowed scammers to request multiple types of verification from victims, including SMS, PIN, email, and app verification. This flexibility enabled the enterprise to defeat various forms of authentication security. Google is working with AT&T, T-Mobile, and Verizon to intercept the spam messages before they reach customers, but these types of phishing attacks are prevalent and have been spreading for years.

Google is also pushing for legislative action, including a series of bills, to combat these scams.

"Litigation alone won't end this, as threats evolve, our laws must, too," said General Counsel Halimah DeLaine Prado in a blog post.

Operation Riptide and the Future of Cybercrime

The FBI said the takedown was part of Operation Riptide, an ongoing campaign targeting cybercriminals and the infrastructure and financial networks they use to commit fraud. Google said it doesn't know the real names of the people or entities involved in Outsider, but said the operation is supported by multiple cybercrime groups providing different roles with overlapping infrastructure.

The takedown of Outsider is a significant victory in the fight against cybercrime, but it also highlights the need for continued efforts to combat these types of threats. As the cybercrime landscape continues to evolve, it is essential for law enforcement, private companies, and individuals to work together to stay ahead of these threats and protect against future attacks.


Source: CyberScoop
