The law enforcers of Interpol have apprehended a hacker who carried out multiple attacks on thousands of individuals and telecom companies, major banks, and multinational corporations in France over several years. The suspect, who was identified as a Moroccan national, employed phishing techniques to steal credit and debit card information.
Operation Lyrebird, carried out by the Interpol, led to the arrest of the hacker that goes by the name Dr HeX.
According to cybersecurity firm Group-IB, Dr HeX has been active since 2009 and is responsible for various cybercrimes, such as phishing, defacing, malware development, carding, and fraud.
The attackers used a phishing scheme that involved mass emails and spoofed websites of targeted companies. The phishing website then collected user names and passwords of the unsuspecting recipients. The actor then collected the email addresses and passwords of the victims by redirecting them to his email.
He also sold the kits through online forums to other individuals, Interpol said in a statement.
“These were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services.”
The phishing kit included a script that contained the email address and the name “Dr HeX,” which helped the Interpol to eventually identify and deanonymize the hacker.
Low enforcers also discovered a YouTube channel, one more name that was used to register two fraudulent domains.
Group-IB said it linked the email addresses of the hacker with his infrastructure behind the phishing campaigns, which included multiple nicknames and email addresses, accounts on Skype, Facebook, Instagram, and YouTube.
Dr Hex’s digital footprint left a trail of malicious activities that can be traced back to 2009. Interpol said he defaced no fewer than 134 web pages. In addition, law enforcement agencies discovered the attacker’s posts on various underground forums, where he discussed his involvement in cybercrimes like attacks on French corporations to steal financial information.
“The suspect, in particular, promoted so-called Zombi Bot, which allegedly contained 814 exploits, including 72 private ones, a brute-forcer, webshell and backdoor scanners, as well as functionality to carry out DDoS attacks,” Group-IB CTO Dmitry Volkov told The Hacker News.