Login
iscover
An international operation found templates and scripts mimicking government websites were allegedly being offered to cyber criminals to harvest personal data.
Newsletter
8 Malaysians arrested over alleged myGov phishing kits
28 November 2023
•
9 minute read
Eight people have been arrested in Malaysia for allegedly developing phishing kits that target myGov and other Australian government websites following a tip-off by the AFP.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
The AFP said its cyber crime centre had detected a Malaysian national who was advertising the phishing kits, which contained templates and scripts replicating Australian government sites including myGov.
The kits, which also covered US and Malaysian government websites, were allegedly being run on a “bulletproof” host server and sold to cyber criminals trying to steal personal data.
In a separate investigation, the FBI linked the hosting service to an alleged organised criminal syndicate and further enquiries located a Malaysian technology park that housed the servers and hardware.
Malaysian police arrested a Borneo man following a search of his home which found large numbers of usernames, passwords and cryptocurrency wallet seed phrases.
During a simultaneous search of the technology park, Malaysian police and the AFP seized four servers, power cables, monitors and a modem.
The Borneo man and seven others who allegedly acted as mules were arrested and charged under Malaysian law.
The joint forces said one server held more than 16 virtual machines that ran a variety of operating systems and services to support the hosting service.
Investigators seized more than 60 terabytes of data, three servers and one network storage device.
AFP Acting Detective Superintendent Darryl Parrish said phishing attacks cost Australians almost $25 million last year.
“Cybercriminals will use any tools and tricks to exploit people for their own profit – in this case, it is mimicking trusted government websites,” he said.
“The AFP is committed to working with our valued law enforcement partners to track down cybercriminals and bring them to justice, regardless of where they are in the world.
“This case highlights how vital it is for law enforcement agencies to share intelligence and resources globally, as crime is borderless.”
Last week the ATO bolstered its defences around myGovID to counter an “unprecedented rise” in identity-related fraud.
It said security upgrades would add extra layers of protection to the myGovID service after an increase in the pace and scale of criminals using stolen personal information.
The ATO said last financial year there was a 25 per cent increase in impersonation scam reports, with 346 individuals divulging personal identifying information including myGov sign-in credentials.
This month it also rolled out the next phase of its agent-client linking system, which was also designed to tackle security concerns.
You need to be a member to post comments. Become a member for free today!
