
Police crack down on phone-unlocking ring linked to 483,000 victims


A joint law enforcement operation has disrupted an international criminal network that used the iServer automated phishing platform to unlock stolen or lost cellphones belonging to 483,000 victims worldwide.

The global operation, codenamed “Operation Kaerb”, was launched in 2022 after Europol received information from cybersecurity company Group-IB that helped identify victims and criminals behind the phishing network.

According to Group-IB’s findings, the iServer platform automated phishing attacks by creating malicious pages imitating popular cloud-based mobile platforms.

Law enforcement and judicial authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru participated in Operation Kaerb.

The investigation found 483,000 victims worldwide, mostly Spanish-speaking people from Europe, North America and South America, who fell victim to phishing while trying to regain access to their devices.

Crimeware-as-a-service model by iServer (Group-IB)

During a coordinated week of action from September 10 to 17, law enforcement arrested 17 suspects in Argentina, Chile, Colombia, Ecuador, Peru and Spain, conducted 28 searches and confiscated 921 items, including mobile phones, electronic devices, vehicles and weapons.

The operation also led to the arrest of the phishing platform administrator, an Argentine citizen who had been running the service for five years.

Since 2018, the iServer phishing platform has been providing phishing services to inexperienced criminals known as “unlockers,” who use it to steal victims’ credentials via phishing emails, SMS messages, or voice calls.

The phishing attacks collected all the data needed to unlock phones (including device passwords, user credentials, and personal information), bypass “lost mode,” and illegally disconnect devices from their owners.

SMS message received by one iServer victim (Group-IB)

“The criminal sold access to his website and charged additional fees for phishing, texting, emailing or making calls,” Europol said. “Criminal users of the platform – or ‘unblockers’ – provided phone unblocking services to other criminals in possession of stolen phones.”

There were more than 2,000 registered unlockers on the platform and the investigation revealed that the criminal network had taken control of more than 1.2 million phones worldwide, with a total of around 483,000 victims.

The international operation was coordinated by Europol’s European Cybercrime Centre (EC3) and Ameripol’s Specialised Cybercrime Centre. It was the first time the two organisations had worked together on a case of this type.