
India’s Central Bureau of Investigation successfully dismantled a sophisticated transnational cybercriminal network that impersonated Microsoft technical support services, targeting vulnerable older adults primarily in Japan.
The coordinated operation on May 28, 2025, involved raids across 19 locations throughout India, resulting in the arrest of six key operatives and the shutdown of two illegal call centers that served as the operational backbone for these fraudulent schemes.
The cybercriminal enterprise utilized a complex ecosystem of malicious actors, including pop-up creators, search-engine optimizers, lead generators, and payment processors, all working in coordination to execute large-scale tech support fraud.
These sophisticated scams predominantly targeted individuals over the age of 50, with approximately 90% of the 200 identified victims falling within this demographic, exploiting their limited familiarity with cybersecurity threats and their trust in technology support services.
Microsoft researchers and analysts identified the India-based malicious infrastructure through extensive collaboration with the Japan Cybercrime Control Center, marking a significant evolution in cross-border cybercrime investigation methodologies.
Analysis by Microsoft's Digital Crimes Unit revealed that these operations had achieved unprecedented scale through the integration of artificial intelligence technologies, enabling automated victim identification and the mass production of convincing malicious content.
The operation’s success stemmed from international cooperation between Indian law enforcement, Japanese cybercrime specialists, and Microsoft’s threat intelligence teams, demonstrating the critical importance of multinational partnerships in combating modern cybercrime networks.
Intelligence sharing enabled the proactive identification and takedown of approximately 66,000 malicious domains and URLs globally since May 2024, significantly disrupting the criminal infrastructure before it could claim additional victims.
AI-Enhanced Technical Infrastructure and Attack Mechanisms
The dismantled network represented a concerning evolution in cybercriminal tactics, leveraging generative artificial intelligence to scale operations with unprecedented efficiency and sophistication.
The threat actors employed AI systems to automate the creation of malicious pop-up windows that convincingly mimicked legitimate Microsoft security warnings, complete with authentic-looking error codes and professional formatting that closely resembled genuine system alerts.

These AI-enhanced capabilities extended beyond simple automation, incorporating advanced language translation services specifically designed to target Japanese-speaking victims with culturally appropriate messaging and technical terminology.
The malicious pop-ups displayed authentic-appearing security warnings in Japanese, featuring fake error codes such as “2V7HGTVB” and fraudulent support phone numbers like “(0101)-50590-37228,” which directed victims to the India-based call centers where trained operators would convince them to provide remote access to their computers and financial information.
The seizure of the network's technical infrastructure revealed sophisticated equipment, including computers, storage devices, digital video recorders, and specialized telecommunications equipment designed to mask the true geographic origin of the fraudulent calls.
This operation highlighted how cybercriminals increasingly exploit AI technologies not merely as tools for automation, but as force multipliers that enable small criminal organizations to achieve global reach and impact previously reserved for much larger criminal enterprises.