{"id":45359,"date":"2026-04-13T20:32:51","date_gmt":"2026-04-13T12:32:51","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/13\/fbi-dismantles-20m-phishing-operation-w3ll-infosecurity-magazine\/"},"modified":"2026-04-13T20:32:51","modified_gmt":"2026-04-13T12:32:51","slug":"fbi-dismantles-20m-phishing-operation-w3ll-infosecurity-magazine","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/13\/fbi-dismantles-20m-phishing-operation-w3ll-infosecurity-magazine\/","title":{"rendered":"FBI Dismantles $20m Phishing Operation W3LL &#8211; Infosecurity Magazine"},"content":{"rendered":"<p>US and Indonesian law enforcement authorities have taken down a large-scale phishing network that has plotted over $20 million in fraud.<\/p>\n<p>Spearheaded by the FBI Atlanta field office, the operation targeted W3LL, a <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/starkiller-phishing-kit-bypasses\/\" target=\"_blank\">phishing kit<\/a> which enables cybercriminals to impersonate legitimate login pages and trick victims into handing over their usernames and passwords. W3LL capabilities could be acquired for a fee of $500.<\/p>\n<p>The kit was notably sold on &lsquo;W3LL Store,&rsquo; a members-only online marketplace, which was active between 2019 and 2023.<\/p>\n<p>According to <a href=\"https:\/\/www.fox5atlanta.com\/news\/fbi-atlanta-takes-down-global-phishing-network\" target=\"_blank\">Fox 5 Atlanta<\/a>, investigators believe the marketplace facilitated the sale of more than 25,000 compromised accounts until its closure in 2023.<\/p>\n<p>The phishing operation continued after the marketplace shut down via encrypted messaging apps. Between 2023 and 2025, W3LL may have been used to target more than 17,000 victims worldwide.<\/p>\n<p>The FBI <a href=\"https:\/\/www.facebook.com\/FBIAtlanta\/posts\/fbi-atlanta-field-and-indonesian-law-enforcement-authorities-have-dismantled-a-g\/828783003598595\/\" target=\"_blank\">said<\/a> it has seized the w3ll.store domain and identified its alleged developer, publicly referred to as &lsquo;G.L.&rsquo;<\/p>\n<h2><strong>W3LL: A Complete Phishing Ecosystem for BEC Attacks<\/strong><\/h2>\n<p>W3LL was first <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/experts-uncover-underground\/\" target=\"_blank\">discovered in 2023<\/a> by cybersecurity firm Group-IB.<\/p>\n<p>In <a href=\"https:\/\/www.group-ib.com\/media-center\/press-releases\/w3ll-phishing-report\/\" target=\"_blank\">a September 2023 report<\/a>, the firm&rsquo;s researchers claimed the threat actor behind the phishing operation had been operating since at least 2017, when it began selling the W3LL SMTP Sender &ndash; a custom tool for sending email spam.<\/p>\n<p>The malicious actor later started selling a phishing kit for Microsoft 365 accounts and subsequently opened the W3LL Store.<\/p>\n<p>At the time the report was published, Group-IB observed that that the marketplace had over 500 active users and more than 12,000 items listed for sale. Researchers estimated the W3LL Store had generated $500,000 for the actor over a 10-month period.<\/p>\n<p>The researchers also assessed that the W3LL phishing kit had been linked to 850 phishing sites over the same reported period.<\/p>\n<p>Group-IB noted that what made the W3LL Store and its products stand out from other underground markets is that the threat actor created not just a marketplace but a complex <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/new-phishing-platform-credential\/\" target=\"_blank\">phishing ecosystem<\/a>. The fully compatible custom toolset covered almost the entire kill chain of business email compromise (BEC) and could be used by cybercriminals of all technical skill levels.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>US and Indonesian law enforcement authorities have take [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45359","post","type-post","status-publish","format-standard","hentry","category--infosecurity-magazine"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=45359"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45359\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=45359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=45359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/tags?post=45359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}==========================<br />
<b>Warning</b>:  count(): Parameter must be an array or an object that implements Countable in <b>/www/wwwroot/nuoyayasuo/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php</b> on line <b>9730</b><br />
<br />
<b>Warning</b>:  count(): Parameter must be an array or an object that implements Countable in <b>/www/wwwroot/nuoyayasuo/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php</b> on line <b>9733</b><br />
<br />
<b>Warning</b>:  count(): Parameter must be an array or an object that implements Countable in <b>/www/wwwroot/nuoyayasuo/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php</b> on line <b>9736</b><br />