The FBI announced on Sunday that it had dismantled a large-scale phishing operation that allegedly used the W3LL phishing kit to target over 17,000 victims worldwide. According to court documents, the cybercriminals behind the scheme stole login credentials and multi-factor authentication codes from victims across multiple countries. The operation, which spanned several months, resulted in the seizure of infrastructure linked to the phishing kit.
Federal investigators identified the suspects as members of an organized group operating primarily from overseas jurisdictions. The W3LL phishing kit, a ready-made tool sold on dark web forums, allowed the criminals to create convincing fake login pages mimicking major services. Victims were tricked into entering their credentials on these pages, which were then harvested by the attackers. The FBI stated that the operation compromised accounts tied to financial institutions, email providers, and cloud storage services.
A joint task force involving the FBI, Europol, and cybersecurity firms conducted the takedown. Authorities executed search warrants in multiple countries and seized servers hosting the phishing infrastructure. The investigation revealed that the group had been active since early 2025 and had generated millions in illicit profits. No arrests have been made yet, as the suspects remain at large.
The FBI urged victims to reset their passwords and enable additional security measures. Cybersecurity experts noted that phishing remains one of the most effective methods for cybercriminals to gain access to sensitive data. The case highlights the ongoing threat posed by ready-made phishing kits available on underground markets.
Source: techcrunch.com