In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords.
The cybercrime operation used AI and distributed phishing kits for campaigns impersonating various trusted brands in texts sent through AT&T, T-Mobile, and Verizon.
Outsider Enterprise has been active since at least 2023 and operated at a massive scale, with Google linking to it 9,000 fake websites and more than a million fraudulent URLs.
Authorities believe that phishing campaigns powered by Outsider Enterprise led to stealing more than 3.8 million credit card records, causing an estimated $1.9 billion in losses.
[subtitle]
The action against Outsider Enterprise has technical and legal components and is part of the FBI's larger Operation Riptide that targets cybercrime activity and infrastructure.
During the technical takedown, the FBI and partners seized multiple administration servers, a Shopify e-commerce storefront, and an account the threat actor used to test the phishing service.
