Security News > 2021 > July > Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing
A Moroccan man suspected of being "Dr HeX" - the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding - has been arrested.
Interpol announced the bust - which took place in Morocco in May - on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums.
As described in Interpol's announcement, the buyers of Dr HeX's carding and phishing kits used them to masquerade as online-banking facilities, allowing the suspect and others "To steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services."
The starting point for Group-IB researchers' quest to track down and to unmask Dr HeX was the extraction of a phishing kit, which is a tool used to create phishing web pages.
Almost all of the scripts contained in the phishing kit were signed with the signature of their creator, Dr HeX, and had a contact email address.
Dr HeX liked that nickname quite a bit: Group-IB researchers found that the alleged attacker's YouTube channel was signed under that same name.
News URL
https://threatpost.com/dr-hex-hacker-busted-phishing/167597/
Related news
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)