BleepingComputer reports that a Madrid-based cybercrime operation that has amassed more than 5,000,000 in phishing, social engineering, and smishing attacks against 200 North American firms and individuals was successfully disrupted in a joint operation by the U.S. Secret Service and Spain's National Police.
In addition to arresting the group's nine members, law enforcement seized 200,000 in luxury items and more than 500,000 in assets. The attackers sent phishing emails and SMS messages to North America-based targets in an effort to exfiltrate confidential data that would enable online purchases or fund transfers. The threat actors also leveraged different false identity documents to control more than 100 bank accounts into which the proceeds of their operations were funneled. Attackers also opened more bank accounts to facilitate money laundering operations.
The dismantling of the cybercrime ring comes amid the increased prevalence of cybercrime in Spain, with the police reporting a 72% rise in cybercrime between 2019 and 2022.
As part of its latest attacks discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.