Minerva Studio - stock.adobe.com
An Interpol-coordinated cyber operation against a strain of malware targeting e-commerce websites has identified hundreds of compromised websites and led to the arrest of three individuals who were allegedly running the malicious campaign from Indonesia.
Dubbed Operation Night Fury, the operation was conducted with the support of cyber security firm Group-IB, which provided data on the reach of the malware that has infected websites in several countries including Indonesia, Australia, UK, US, Germany and Brazil. Group-IB also supported the investigation with digital forensics expertise to help identify the suspects.
The Interpol’s ASEAN Cyber Capability Desk has since disseminated cyber activity reports to the affected countries, highlighting the threat to support their national investigations, including information on C2 servers and infected websites located in six countries in the Association of Southeast Asian Nations (ASEAN) region.
At the request of Indonesian police, Interpol provided technical and operational support that resulted in the arrest of three individuals suspected of commanding the C2 servers in the country. The investigation revealed the suspects were using the stolen payment card details to purchase electronic goods and other luxury items, then reselling them for a profit. They have been charged with the theft of electronic data, which carries up to a 10-year jail sentence in accordance with Indonesia’s criminal code.
“Strong and effective partnerships between police and the cyber security industry are essential to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cyber threat landscape,” said Craig Jones, Interpol’s director of cyber crime.
“This successful operation is just one example of how law enforcement is adapting and applying new technologies to aid investigations, and ultimately reduce the global impact of cyber crime,” he added.
Read more about cyber security in APAC
- More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on in 2020.
- The raw data of thousands of payment cards issued by Singapore banks was stolen by the online equivalent of a traditional card sniffer.
- A Russian-speaking APT group has extended its reach into Asia-Pacific, taking off with millions of dollars of stolen funds from banks in the region.
- A renowned ethical hacker in Malaysia has called for more nations to support the Paris Call for Trust and Security in Cyberspace to counter the threat of cyber warfare.
In Singapore, local authorities identified and took down two of the C2 servers. Investigations in other ASEAN countries are ongoing, with the Interpol continuing to support police in locating C2 servers and infected websites, and identifying the cyber criminals involved.
“It is a great example of coordinated cross-border anti-cyber crime effort, and we are proud that our threat intelligence and digital forensics expertise helped to establish the suspects. We hope this will set a precedent for law enforcement in other jurisdiction too,” she added.
During their analysis of underground card shops, Group-IB’s threat hunting team discovered a spike in the sale of raw data of 4,166 compromised payment cards – including CVV, card number and expiration date – issued by Singapore banks.
Group-IB said the data was uploaded in April 2019, and that the spike took place on 1 April when a database containing data on 1,726 compromised cards was put up. The mean figure from January to August 2019 was 2,379 cards per month.