The Royal Malaysian Police announced that they have seized the notorious BulletProftLink phishing-as-a-service (PhaaS) platform, which was a major source of cybercrime and credential theft. Phishing is a type of online fraud where attackers impersonate legitimate entities or individuals to trick victims into revealing sensitive information, such as passwords, bank account details, or credit card numbers.

BulletProftLink was a PhaaS platform that provided cybercriminals with everything they needed to carry out phishing attacks, such as:

BulletProftLink was a lucrative and popular operation among cybercriminals, who paid a subscription fee of $2,000 per month to access regular batches of credential logs. The platform had thousands of subscribers, some of whom used the stolen credentials to gain initial access to corporate systems and launch further attacks, such as ransomware, data theft, or espionage.

The BulletProftLink operation started in 2015, but it became more active and visible from 2018 onward. It was also the subject of several investigations and reports by cybersecurity researchers and experts, who exposed its features, techniques, and operators.

One of the most notable investigations was conducted by Gabor Szathmari, a cybersecurity expert who published a three-part series of open-source intelligence research in 2020, in which he revealed the identity and lifestyle of the alleged leader of the operation, a Malaysian national who lived a lavish life with expensive cars, jewelry, and properties.

Another report was published by Microsoft in September 2021, in which it warned about the high volume and sophistication of the phishing attacks facilitated by BulletProftLink. It also estimated that the platform had 1,618 subscribers at the time, who had access to 327 phishing page templates.

The BulletProftLink operation was finally dismantled on November 6, 2023, thanks to a joint effort by the Royal Malaysian Police, the Australian Federal Police, and the FBI. The authorities arrested eight individuals, including the suspected leader of the operation, and seized multiple domains, servers, computers, cryptocurrency wallets, jewelry, vehicles, and payment cards.

The seizure of the BulletProftLink platform is a significant blow to the cybercrime ecosystem, as it deprives thousands of cybercriminals of a powerful and easy-to-use tool for phishing attacks. However, it is also a reminder of the constant threat and evolution of phishing campaigns, and the need for users and organizations to be vigilant and protect their online accounts and data.

P.S. – Here’s what their control panel looked like: