Police shut down BulletProftLink PaaS operation

Police shut down BulletProftLink PaaS operation

Malaysian police in cooperation with the Australian Federal Police (AFP) and the US Federal Bureau of Investigation (FBI) dismantled a major phishing-as-a-service (PhaaS) operation called BulletProftLink (aka BulletProofLink and Anthrax).

Believed to be in operation since at least 2015, the platform provided a wide range of services at a relatively low cost, including more than 300 phishing templates mimicking known brands and services such as American Express, Bank of America, DHL, Microsoft, and Naver, phishing kits, email templates, hosting, and automated services. BulletProftLink is said to have amassed at least 8,000 customers.

The Malaysian authorities arrested 8 people aged between 29 and 56 across the country, including an alleged mastermind behind the operation. Alongside the arrests, the police confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately 965,808 Malaysian ringgit (~$213,000).

On Tuesday, the US Department of Justice announced the takedown of the IPStorm malware botnet infrastructure, along with the guilty plea of the service’s operator Sergei Makinin.

Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025