Security News > 2021 > July > Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities
Law enforcement authorities with Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.
The cyber attacks involved deploying a phishing kit consisting of web pages that spoofed banking entities in the country, followed by sending mass emails mimicking the targeted companies, prompting email recipients to enter login information on the rogue website.
The phishing kits were also "sold to other individuals through online forums to allow them to facilitate similar malicious campaigns against victims," Interpol said in a statement.
The scripts included in the phishing kit contained the name Dr HeX and the individual's contact email address, which were used to eventually identify and deanonymize the cybercriminal. In the process, a YouTube channel was uncovered, as well as another name the adversary used to register at least two fraudulent domains that were used in the attacks.
In all, Dr HeX's digital footprint left a tell-tale trail of malicious activities over a period stretching between 2009 and 2018, during which the threat actor defaced no fewer than 134 web pages. The trail also included posts created by the attacker on different underground forums devoted to malware trading and evidence suggesting his involvement in attacks on French corporations to steal financial information.
"The suspect, in particular, promoted so-called Zombi Bot, which allegedly contained 814 exploits, including 72 private ones, a brute-forcer, webshell and backdoor scanners, as well as functionality to carry out DDoS attacks," Group-IB CTO Dmitry Volkov told The Hacker News.