
Unveiling the Intricacies: Behind the Scenes of a Custom Phishing Campaign – Episode 2

Original Post: Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

The article provides an in-depth analysis of an expansive phishing campaign discovered last summer, which mimicked around 350 legitimate companies. The investigation led to the discovery of leaked backend source code that revealed a scammer team management platform. This platform allowed scammers to interact via Telegram bots, manage phishing links, and store stolen data. The main orchestrator, identified as MrEnigman, operated through a Telegram channel, Haron_rent, which advertised the scamming platform.

Key findings include:
1. The phishing campaign was closely associated with a team management system, facilitating large-scale operations managed via Telegram.
2. The scam involved multiple actors, layers of infrastructure, and a streamlined process for recruiting and managing scam workers.
3. An individual known as MrEnigman and his network were heavily involved in promoting and managing the operation.
4. The scammers, mostly Russian-speaking, formed a structured community where they could recruit workers and mentors and manage phishing operations with sophisticated techniques.
5. The platform’s infrastructure used Node.js, the Telegraf library for Telegram interaction, MySQL databases, and Cloudflare for domain management.

The article concludes with a call to action for further investigations to shut down this operation and protect against similar threats.
