Interpol arrests Moroccan hacker involved in illegal cyber activities
Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.
The two-year investigation, dubbed Operation Lyrebird by the international, intergovernmental organization, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX, cybersecurity firm Group-IB disclosed today in a report shared with The Hacker News.
Dr HeX is said to have been “active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims,” the Singapore-headquartered company said.
The cyber attacks involved deploying a phishing kit consisting of web pages that spoofed banking entities in the country, followed by sending mass emails mimicking the targeted companies, prompting email recipients to enter login information on the rogue website.
The credentials entered by unsuspecting victims on the fake web page were then redirected to the perpetrator’s email. At least three different phishing kits presumably developed by the threat actor have been extracted.
The phishing kits were also “sold to other individuals through online forums to allow them to facilitate similar malicious campaigns against victims,” Interpol said in a statement. “These were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services.”
In all, Dr Hex’s digital footprint left a tell-tale trail of malicious activities over a period stretching between 2009 and 2018, during when the attacker defaced no fewer than 134 web pages, along with creating posts on different underground forums devoted to malware trading and evidence suggesting his involvement in attacks on French corporations to steal financial information.
