Security News > 2021 > November > Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks

The Security Service of Ukraine has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices.
The goal of 'Phoenix' was to gain remote access to the accounts of mobile device users and then monetize them by hijacking their e-payment or bank accounts or selling their private information to third parties.
To steal mobile accounts of mobile device users, the actors used phishing sites that were clones of Apple's and Samsung's login portals.
The hackers also offered remote mobile phone hacking services to others, charging between $100 and $200. Finally, the group was also unlocking stolen or lost devices made by Apple, tied to the original purchaser by locking them to the first account created on the device.
The police have conducted five searches in each arrest location, seizing computer equipment, mobile phones, specialized software, and hardware.
Ukraine has been actively cracking down on cybercrime activity originating from their country, with recent arrests of ransomware members, money launderers, and threat actors behind DDoS attacks.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple warns 'extremely sophisticated attack' may be targeting iThings (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)