Trend Micro Incorporated, a global cybersecurity company has achieved another significant victory through its strong collaboration with law enforcement by dismantling a prolific phishing-as-a-service (PaaS) operation.
Zaheer Ebrahim, Solutions Architect for Middle East and Africa at Trend, stated, “Trend’s enduring partnership with INTERPOL prompted an immediate response to their request for assistance. This successful takedown underscores the potency of public-private alliances fueled by robust threat intelligence in global cybercrime investigations.”
INTERPOL first engaged Trend Micro in 2020 to provide threat intelligence on the PaaS site 16shop. This platform offered phishing kits that simplified entry for emerging cybercriminals, facilitating scalable scam campaigns.
Trend’s investigation revealed and relayed to INTERPOL that:
– 16shop-fueled attacks were notably widespread in Japan, the US, and Germany.
– 16shop customers could create phishing pages targeting Amazon, American Express, PayPal, Apple, CashApp credentials, and US banking logins.
– Phishing kits adjusted the language of phishing sites based on victims’ locations.
– Anti-sandboxing and geolocated access restrictions were incorporated to evade analysis.
– 16shop’s web infrastructure was dispersed across multiple legitimate cloud providers to evade detection.
– The site remained active from 2018 to at least 2021, with the probable emergence of copycat sites afterward.
As per INTERPOL, Trend’s threat intelligence report directly contributed to the arrest of the suspected 16shop administrator and two accomplices in Indonesia and Japan. 16shop enabled phishing against 70,000 victims in 43 countries.
Trend Micro’s steadfast support of INTERPOL in this operation builds on prior collaborations, including 2022’s Operation African Surge, along with numerous training sessions conducted for law enforcement agencies since 2014, including a recent five-day course held in Manila.