Security News > 2021 > November > Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks

The Security Service of Ukraine has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices.
The goal of 'Phoenix' was to gain remote access to the accounts of mobile device users and then monetize them by hijacking their e-payment or bank accounts or selling their private information to third parties.
To steal the accounts of mobile device users, the actors used phishing sites that were clones of Apple's and Samsung's login portals.
The hackers also offered remote mobile phone hacking services to others, charging between $100 and $200. Finally, the group also unlocked stolen or lost Apple devices, which are tied to the original purchaser by being locked to the first account created on the device.
The police have conducted five searches in each arrest location, seizing computer equipment, mobile phones, specialized software, and hardware.
Ukraine has been actively cracking down on cybercrime activity originating from the country, with recent arrests of ransomware members, money launderers, and threat actors behind DDoS attacks.