The FBI Atlanta Field Office and Indonesian authorities dismantled the W3LL global phishing platform, seized its infrastructure, and arrested the alleged developer in the first coordinated U.S.–Indonesia enforcement action against a phishing kit developer. W3LL operated as a $500 phishing kit and marketplace that harvested credentials and session cookies to bypass MFA and enable large-scale BEC fraud, targeting services including Microsoft 365.
Key points
- Authorities seized the w3ll.store domain and related infrastructure in a coordinated operation.
- W3LL sold a $500 phishing kit that created convincing replicas of corporate login portals.
- The kit used adversary-in-the-middle techniques to capture credentials, MFA codes, and session cookies.
- Operators facilitated the sale of over 25,000 compromised accounts and continued activity via encrypted messaging.
- W3LL was tied to Microsoft 365-targeted campaigns and supported end-to-end business email compromise and invoice fraud.