Europol teams up with state police to disrupt major phishing network

A cybersecurity icon projecting from a laptop screen.

(Image credit: Shutterstock / song_about_summer)

A major phishing-as-a-service service has been disrupted, its infrastructure dismantled, and its operators arrested in a major operation headed up by Europol.

Announcing the takedown, Europol said it took down LabHost, a phishing kit that provided infrastructure for hosting pages, interactive functionality for directly engaging with victims, and campaign overview services, for a monthly fee of, on average, $249.

Furthermore, LabHost offered a menu of more than 170 fake websites that served as convincing phishing pages. Users would be able to choose from these pages and use them in their fraud campaigns.

Phishing domains

But perhaps the most destructive part of LabHost’s operation is its integrated campaign management tool, LabRat. This tool, Europol explains, allowed cybercriminals to monitor and control their attack campaigns in real time. With LabRat, they were able to grab multi-factor authentication (MFA) codes, passwords, and other login credentials, successfully bypassing even the most sophisticated security measures.

During the operation, law enforcement operatives searched 70 addresses and arrested 37 suspects. Among those are four individuals in the United Kingdom, who are accused of running the site and developing the service. The UK’s London Metropolitan Police led the operation, with the support of Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT).

The investigation uncovered at least 40 000 phishing domains linked to LabHost, Europol said, adding that these had roughly 10 000 users worldwide.

Besides Europol and the UK police, other agencies participated in the operation, including those from Australia, Austria, Belgium, Finland, Ireland, The Netherlands, New Zealand, Lithuania, Malta, Poland, Portugal, Romania, Spain, Sweden, the US, Czech Republic, Estonia, and Canada.

Europol did not unveil the identities of the arrested individuals, but it did say that it gathered a “vast amount” of data throughout the investigation.

“This data will be used to support ongoing international operational activities focused on targeting the malicious users of this phishing platform.”

More from TechRadar Pro

A new phishing kit is targeting Gmail and Microsoft email accounts — and it can even bypass 2FA
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.