‘Phoenix’ group laid low following seizure of computing equipment and stolen devices

Ukrainian police say they have put an end to the activities of an international phone-hacking collective after seizing incriminating evidence in a series of raids.

Dubbed ‘Phoenix’, the cybercrime group stands accused of leveraging phishing schemes to hack into targets’ mobile devices, which then enabled them to harvest banking credentials and withdraw funds from victims’ financial accounts.

Ukrainian law enforcement seized computing equipment, hacking tools, and stolen mobile phones that were being prepared for resale after swooping on five addresses, including offices as well as ‘phone shops’ and suspects’ homes based in Kyiv and Kharkiv.

Several press reports have stated that Phoenix’s five Ukrainian members, all of whom have a higher technical education, were arrested. However, a Ukrainian-language press release published by the Security Service of Ukraine (SSU) on Wednesday (November 24) did not explicitly mention arrests. We have approached the SSU in the hope of clarifying this point.


Ukrainian authorities confiscated computer equipment during a series of raids

Nefarious activities

Victims were fooled into divulging phone account login credentials to websites ostensibly operated by mobile device manufacturers such as Apple and Samsung.

The attackers were then able to remotely access their marks’ mobile devices and sell the personal data subsequently harvested to third parties.




They also sold unauthorized access to victims’ mobile phone accounts for an average fee of $200, said the SSU.

The cybercrooks targeted several hundred victims over a period spanning more than two years, the authorities added.

Previous cybercrime scalps

The seizures represent the latest in a string of recent cybercrime successes for Ukrainian police, sometimes with the support of overseas and international law enforcement agencies.

For instance, in October the SSU disrupted a powerful botnet as well as a group that laundered tens of millions of US dollars for cybercriminals.




And in September they arrested two individuals over a series of ransomware attacks against large industrial groups in Europe and North America, in an operation coordinated by Europol, with additional support from Interpol, the FBI, and French law enforcement.

Ukrainian police also played a role in an operation that saw US authorities seize $6.1 million earlier this month in connection with a ransomware campaign whose victims included IT giant Kaseya in July.

