In a significant blow to international cybercrime, law enforcement agencies have successfully dismantled a sophisticated criminal network that exploited the automated phishing platform iServer to unlock stolen and lost smartphones. The operation, codenamed Kaerb, resulted in the identification of 483,000 victims worldwide and the arrest of 17 suspects across six countries.
The Rise and Fall of iServer
iServer, operational since 2018, was a cutting-edge platform that automated phishing attacks by creating malicious pages mimicking popular cloud mobile platforms. The service catered to low-skilled criminals known as “unlockers,” who sought to bypass security measures on stolen phones.
Cybersecurity firm Group-IB played a crucial role in uncovering the operation, providing vital intelligence to Europol in 2022. This information kickstarted a coordinated effort involving law enforcement and judicial authorities from Spain, Argentina, Chile, Colombia, Ecuador, and Peru.
Anatomy of the Phishing Scheme
The criminals behind iServer employed a multi-pronged approach to steal user credentials:
- Automated phishing attacks via email, SMS, and voice calls
- Creation of convincing fake pages impersonating legitimate mobile platforms
- Exploitation of victims’ attempts to recover lost devices
One common tactic involved sending SMS messages that appeared to be from Apple, promising to help locate lost devices. Instead, these messages directed victims to phishing pages where their credentials were harvested.
The Scale of the Operation
The magnitude of the iServer operation is staggering:
- Over 2,000 unlockers registered on the platform
- 1.2 million phones targeted worldwide
- 483,000 confirmed victims, primarily Spanish-speaking individuals from Europe, North and South America
Operation Kaerb: A Coordinated Strike
From September 10-17, 2023, law enforcement agencies conducted a series of coordinated raids:
- 17 suspects arrested across six countries
- 28 searches executed
- Seizure of mobile phones, electronic devices, luxury cars, and weapons
A significant breakthrough came with the arrest of the iServer administrator, an Argentine national who had managed the platform for over five years.
This operation highlights the growing sophistication of cybercriminal networks and the critical importance of international cooperation in combating digital threats. As cybercriminals continue to evolve their tactics, it’s crucial for individuals and organizations to remain vigilant, regularly update their security measures, and educate themselves about the latest phishing techniques. The success of Operation Kaerb serves as a reminder that through collaborative efforts, even the most complex cybercriminal operations can be dismantled.
