International law enforcement, led by the FBI Atlanta Field Office and Indonesian police, dismantled the W3LL phishing infrastructure that enabled credential theft and attempted fraud exceeding $20 million. The takedown targeted a phishing-as-a-service ecosystem including the W3LLSTORE marketplace and tools used to target corporate accounts such as Microsoft 365, and authorities seized domains and detained the suspected developer. #W3LL #W3LLSTORE #GroupIB #Microsoft365
Key points
- An international operation led by the FBI Atlanta Field Office and Indonesian law enforcement disrupted the W3LL phishing infrastructure.
- W3LL operated as a phishing-as-a-service platform sold for about $500 and was used by roughly 500 threat actors.
- The W3LLSTORE marketplace traded over 25,000 compromised accounts between 2019 and 2023 and continued operating via encrypted channels after its shutdown.
- W3LL used adversary-in-the-middle techniques to capture authentication tokens and bypass multi-factor authentication, facilitating business email compromise.
- Authorities seized domains and infrastructure and detained the suspected developer known as “G.L.,” disrupting a global campaign tied to tens of thousands of phishing attempts and over $20 million in attempted fraud.
Read More: https://thecyberexpress.com/authorities-dismantle-w3ll-phishing-kit/