Eight arrested over phishing kits targeting Australian Government websites

It was alleged officers identified a server which held more than 16 virtual machines that ran a variety of operating systems and services to support the hosting service.

Malaysian authorities have arrested eight people for their alleged role in an international criminal syndicate which developed phishing kits targeting Australian Government websites.

The AFP’s Joint Policing Cybercrime Coordination Centre (JPC3) developed and provided intelligence to the Royal Malaysian Police (RMP), which identified a Malaysian national advertising phishing kits targeting the Australian Government’s myGov website.

The intelligence outlined the operation and architecture of the phishing service, and identified a connection with a ‘bulletproof’ hosting service to facilitate the criminal activity.

- Advertisement -

It was alleged the kits contained phishing templates and scripts replicating government websites in Malaysia, Australia and the United States, and were being sold to cybercriminals to allow them to send phishing attacks and obtain victims’ credentials.

Image: AFP intelligence leads to eight arrests (Source: AFP)

AFP Acting Detective Superintendent Darryl Parrish said Australians lost over $24.6 million to phishing attacks last year.

“Cybercriminals will use any tools and tricks to exploit people for their own profit – in this case, it is mimicking trusted government websites,” Acting Det-Supt Parrish said.

“The AFP is committed to working with our valued law enforcement partners to track down cybercriminals and bring them to justice, regardless of where they are in the world.

“This case highlights how vital it is for law enforcement agencies to share intelligence and resources globally, as crime is borderless.”

In a separate investigation, the Federal Bureau of Investigations (FBI) linked the ‘bulletproof’ hosting service to an alleged organised criminal syndicate.

Further enquiries by the RMP, FBI and the AFP revealed a Malaysian man, 35 who advertised the kits had used the services of a Malaysian-based technology park to physically host a number of computer servers and hardware responsible for the ‘bulletproof’ hosting service.

- Advertisement -

RMP officers arrested the man following a search warrant of his home in Borneo on 6 November, 2023, with officers identifying a large number of usernames, passwords and cryptocurrency wallet seed phrases during the search. FBI officers assisted with this activity.

Simultaneously, RMP members executed a search warrant at the technology park, with the RMP seizing four servers, power cables, monitors and a modem. The AFP assisted with this activity.

The man, and seven other individuals who were allegedly mules for the man, were arrested and charged under Malaysian law.

It was alleged officers identified a server which held more than 16 virtual machines that ran a variety of operating systems and services to support the hosting service.

Investigators seized more than 60 terabytes of data across the police activity, including three servers and one network storage device.

Image: AFP intelligence leads to eight arrests (Source: AFP)

Bukit Aman Commercial Crime Investigation Department Director Datuk Seri Ramli Mohamed Yoosuf thanked AFP and FBI members for their collaboration.

“We believe that we should continue to synergise our resources in facing current and future challenges of ICT-driven technologies,” he said.

“The recent operations involving the three agencies to bust an online syndicate was a manifestation of this.”

FBI Legal Attaché Canberra Nitiana Mann said the FBI continues to work alongside our international partners to combat malicious cyber threats.

“We will continue to pursue cybercriminals for their reckless actions wherever they may be located in the world,” she said.

The JPC3 is a partnership between the AFP, Australian state policing agencies, foreign law enforcement, government, and the private sector that was established in March 2022 to effectively combat cybercrime impacting Australians.

Support Our Journalism

Global Indian Diaspora needs fair, non-hyphenated, and questioning journalism, packed with on-ground reporting. The Australia Today – with exceptional reporters, columnists, and editors – is doing just that. Sustaining this needs support from wonderful readers like you.

Whether you live in Australia, the United Kingdom, Canada, the United States of America, or India you can take a paid subscription by clicking Patreon. Buy an annual ‘The Australia Today Membership’ to support independent journalism and get special benefits.