An Interpol-coordinated cyber operation against a strain of malware targeting e-commerce websites has identified hundreds of compromised websites and led to the arrest of three individuals who were allegedly running the malicious campaign from Indonesia.
Dubbed Operation Night Fury, the operation was conducted with the support of cyber security firm Group-IB, which provided data on the reach of the malware that has infected websites in various locations, including in Indonesia, Australia, UK, US, Germany and Brazil. Group-IB also supported the investigation with digital forensics expertise to help identify the suspects.
Interpol’s ASEAN Cyber Capability Desk has since disseminated cyber activity reports to the affected countries, highlighting the threat to support their national investigations. These include command-and-control (C2) servers and infected websites located in six countries in the Association of Southeast Asian Nations (ASEAN) region.
At the request of the Indonesian National Police, Interpol provided technical and operational support that resulted in the arrest of three individuals suspected of commanding the C2 servers in the country.
The investigation revealed the suspects were using the stolen payment card details to purchase electronic goods and other luxury items, then reselling them for a profit. They have been charged with the theft of electronic data, which carries up to a 10-year jail sentence in accordance with Indonesia’s criminal code.
“Strong and effective partnerships between police and the cyber security industry are essential to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cyber threat landscape,” said Craig Jones, Interpol’s director of cyber crime.
“This successful operation is just one example of how law enforcement is adapting and applying new technologies to aid investigations, and ultimately reduce the global impact of cyber crime,” he added.
In Singapore, local authorities identified and took down two of the C2 servers. Investigations in other ASEAN countries are ongoing, with Interpol continuing to support police in locating C2 servers and infected websites, and identifying the cyber criminals involved.
“It is a great example of coordinated cross-border anti-cyber crime effort, and we are proud that our threat intelligence and digital forensics expertise helped to establish the suspects. We hope this will set a precedent for law enforcement in other jurisdictions too,” she added.
During their analysis of underground card shops, Group-IB’s threat hunting team discovered a spike in the sale of raw data of 4,166 compromised payment cards – including CVV, card number and expiration date – issued by Singapore banks.
Group-IB said the data was uploaded in April 2019, and that the spike took place on 1 April when a database containing data on 1,726 compromised cards was put up. The mean figure from January to August 2019 was 2,379 cards per month.