The Federal Bureau of Investigation and Indonesian law enforcement authorities have dismantled a global phishing operation that enabled cybercriminals to steal account credentials and attempt fraud worth more than $20 million.
The operation relied on a “full service” phishing kit that allowed attackers to bypass security measures and access thousands of accounts worldwide.
Phishing Kit Enabled Credential Theft
Investigators said the operation centred on a tool known as the “W3LL phishing kit”, which allowed criminals to impersonate legitimate login pages and trick users into entering their usernames and passwords. Once entered, the tool captured these credentials and also collected session data, enabling attackers to bypass multi factor authentication systems.
The kit was reportedly sold for about $500, giving buyers the ability to deploy fake websites that closely resembled trusted platforms and harvest sensitive login information from victims.
FCRF Returns With CDPO, Its Premier Data Protection Certification for Privacy Professionals
Marketplace and Global Reach
The phishing tool was supported by an online marketplace called “W3LLSTORE”, which facilitated the sale of more than 25,000 compromised accounts between 2019 and 2023. Even after the marketplace shut down in 2023, the operation continued through encrypted messaging applications, where the tool was rebranded and redistributed.
Between 2023 and 2024, the kit was used to target over 17,000 victims globally. Authorities have not specified how many individuals in Georgia were affected, despite the scale of phishing attempts recorded during this period.
Arrest and Ongoing Enforcement
On April 10, authorities in Indonesia detained the alleged developer of the phishing kit, identified only as “G.L.”, and seized the associated infrastructure. Officials have not disclosed the full identity of the suspect.
Speaking on the crackdown, FBI Atlanta Special Agent in Charge Marlo Graham said the operation functioned as a full service cybercrime platform rather than a simple phishing scheme, and confirmed continued cooperation with domestic and international partners to protect the public.
The takedown marks the first coordinated action by United States and Indonesian authorities against a phishing kit developer. The U.S. Attorney’s Office for the Northern District of Georgia also played a role in identifying and dismantling the operation’s infrastructure.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
