A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide.
The global operation, codenamed “Operation Kaerb,” began in 2022 after Europol received information from cybersecurity firm Group-IB, which contributed to identifying the victims and the criminals behind the phishing network.
According to Group-IB’s findings, the iServer platform automated phishing attacks by creating malicious pages that mimicked popular cloud-based mobile platforms.
“Operation Kaerb” involved law enforcement and judicial authorities from Spain, Argentina, Chile, Colombia, Ecuador, and Peru.
They discovered 483,000 victims globally, primarily Spanish-speaking individuals from Europe, North America, and South America, who were phished while attempting to regain access to their devices.
During a coordinated action week from September 10 to 17, law enforcement authorities arrested 17 suspects across Argentina, Chile, Colombia, Ecuador, Peru, and Spain, conducted 28 searches, and seized 921 items, including mobile phones, electronic devices, vehicles, and weapons.
The operation also led to the arrest of the phishing platform’s administrator, an Argentinian national who had been running the service for five years.
Since 2018, the iServer phishing platform has been providing phishing-as-a-service to low-skilled criminals known as “unlockers,” who used it to steal credentials from victims via phishing emails, SMS, or voice calls.
In these phishing attacks, they harvested all the data needed to unlock phones (including device passwords, user credentials, and personal information), bypass “Lost Mode,” and illegally unlink devices from their owners.
“The criminal sold access to his website and charged extra costs for phishing, SMS, emails or call performing,” Europol said. “Criminal users of the platform –or “unlockers”– provided phone unlocking services to other criminals in possession of stolen phones.”
Over 2,000 unlockers were registered on the platform, and the investigation revealed that the criminal network had targeted over 1.2 million phones globally, claiming roughly 483,000 victims in total.
Europol’s European Cybercrime Centre (EC3) and the Specialised Cybercrime Centre of Ameripol coordinated the international operation, marking the first time the two organizations worked together on such a case.