Several members of a group allegedly behind hundreds of Magecart-style attacks were arrested last month in Indonesia as the result of an international law enforcement operation.
Interpol’s ASEAN Cyber Capability Desk and the Indonesian National Police just announced late last week the December 20, 2019 arrest of three members of a group allegedly behind a series of Magecart e-commerce attacks. The three individuals were only identified by their initials, age and city. According to Group-IB, the three are Jakarta and Yogyakarta and are N, 23; ANF, 26 and K, 35 years old.
Interpol reported it helped coordinate Operation NightFury that was supplied by the Indonesian police, the research firm Group-IB and security teams from other nations. The operation is on-going in five other countries where the gang allegedly had command and control servers.
“During the special operation, Indonesian Cyber Police seized laptops, mobile phones of various brands, CPU units, IDs, BCA Token, ATM cards,” said Group-IB.
The security firm said it has been tracking GetBilling since 2018 and a study of the infrastructure controlled by the arrested men indicate they infected at least 200 websites in Indonesia, Australia, Europe, the United States, South America, and some other countries.
Group-IB described the GetBilling as an experienced cybercrime organization that used VPNs to hide their location and stolen credit cards to buy equipment, hosting services and new domains.