Massive Cybercrime bust in 9 countries, 600 arrested

Interpol announced the successful conclusion of a seven-month operation into a massive cyber fraud ring operating. The perpetrators allegedly hijacked over $83 million in funds from victims during a their i> nternational crime spree.

The operation, dubbed HAECHI-I, began in September of 2020 and focused on financial cybercrime in Korea. As leads were followed over the next several months, the operation expanded to involve investigators from Cambodia, China, Indonesia, Korea, Laos, the Philippines, Singapore, Thailand, and Vietnam.

Charges have been laid for a number of different crimes, ranging from online sextortion to business email compromises schemes. In one such incident a Korean company was targeted and eventually defrauded to the tune of $3.5 million.

Invoices with modified banking information were injected into a legitimate email thread with a contractor and a whopping $7 million was redirected to accounts in Indonesia and Hong Kong.

These business email scams (BECs) have become frighteningly commonplace in recent years. In 2018 the FBI estimated that 24,000 corporate victims reported for over $5 billion in losses. Some of the hardest-hit victims have been defrauded out of tens of millions of dollars.

Interpol also detailed a series of ramp-and-dump schemes. The alleged fraudsters purchased shares of stock in multiple companies, worked to artificially inflate prices via social media posts and then swiftly re-sold the stocks for big profits. Once again, officials were able to move quickly and freeze numerous accounts and return a large percentage of the victims’ losses.

In total HAECHI-I spawned more than 1,400 separate investigations. While several hundred are still ongoing, Interpol revealed that nearly 900 are already considered closed.

Consequences of huge data dumps of mail + passwords + other sensitive info is looking likely here … It’s leagues beyond spear phishing …attackers know close to everything about and who you communicate with (social graph)

I think this was inevitable, as WFH is relatively new and people have yet to learn about the security threats prevailing on the world wide web.