Group-IB assists in police operations across SEA targeting cybercriminals in Android RAT campaign

by Azunta Gaviola - 8 months ago


Singapore – Group-IB, a computer and network security firm, has announced that it collaborated with the Singapore Police Force, the Hong Kong Police Force (HKPF), and the Royal Malaysia Police in a joint operation called Operation DISTANTHILL.

The operation led to the arrest of cybercriminals responsible for an Android Remote Access Trojan (RAT) campaign. The campaign, which targeted victims across Southeast Asia, including in Singapore, recorded 1,899 cases in 2023 and total losses exceeding US$25m.

Group-IB's involvement encompassed investigation, data analysis, and the application of graph network analysis technology. These efforts significantly aided in pinpointing the syndicate's network and infrastructure.

During the investigation, the company's high-tech crimes investigation unit found that the RAT targeted Android users via phishing campaigns. Victims were lured into downloading and installing fake apps that appeared to offer special prices for goods and food items.

Upon installation and permission granting, the RAT facilitated the capture of sensitive data, including personal credentials and SMS-based one-time passwords (OTP) sent by financial institutions. The malware further enabled real-time geolocation tracking and persisted even after the device rebooted.
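The three behaviours described above (SMS OTP capture, geolocation tracking, persistence across reboots) each depend on permissions an app must declare, so a decoded `AndroidManifest.xml` can be triaged for their co-occurrence. The following is an added example, not code from the article or from Group-IB; it assumes the manifest has already been decoded to text XML, and the sample manifests and package names are constructed, not indicators from this campaign.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Behaviours named in the article -> Android permissions that enable them.
BEHAVIOURS = {
    "sms_otp_capture": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "geolocation_tracking": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "boot_persistence": {P + "RECEIVE_BOOT_COMPLETED"},
}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

def triage_manifest(manifest_xml):
    """Return {behaviour: [matching permissions]} for a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    actions = {a.get(NS + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    findings = {}
    for behaviour, perms in BEHAVIOURS.items():
        hits = sorted(requested & perms)
        if hits:
            findings[behaviour] = hits
    # The boot permission alone does nothing: a receiver must handle the broadcast.
    if BOOT_ACTION not in actions:
        findings.pop("boot_persistence", None)
    return findings

def needs_review(findings):
    """Escalate only when all three behaviours co-occur in one app."""
    return set(findings) == set(BEHAVIOURS)

_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
_PERM = '<uses-permission android:name="android.permission.%s"/>'
# Constructed sample: a "discount shop" app that also reads SMS, tracks location
# and registers a boot receiver.
FAKE_SHOP = (_HEAD % "com.example.dealshop"
    + "".join(_PERM % p for p in ("INTERNET", "RECEIVE_SMS", "READ_SMS",
                                  "ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED"))
    + '<application><receiver android:name=".Boot"><intent-filter>'
    + '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
    + "</intent-filter></receiver></application></manifest>")
# Constructed sample: a map app with location and an unused boot permission.
BENIGN_MAP = (_HEAD % "com.example.maps"
    + "".join(_PERM % p for p in ("ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED"))
    + "<application/></manifest>")

if __name__ == "__main__":
    for name, xml in (("FAKE_SHOP", FAKE_SHOP), ("BENIGN_MAP", BENIGN_MAP)):
        found = triage_manifest(xml)
        print(name, "REVIEW" if needs_review(found) else "ok", found)
```

Each permission is common in legitimate apps on its own; the signal is the combination in an app whose stated purpose (discount shopping) needs none of them.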

Group-IB also played a crucial role in the analysis of the malware-as-a-service campaign and the tracing of over 250 phishing web pages used to distribute the fraudulent apps. With its Graph Network Analysis technology, Group-IB also correlated C2 servers from over 100 malware samples, offering comprehensive insights into the syndicate's network infrastructure and operations.

Dmitry Volkov, chief executive officer at Group-IB, said, “We are delighted to contribute to Operation DISTANTHILL and the dismantling of the malicious Android Trojan campaign. This successful operation is a testament to the power of collaboration between law enforcement agencies and the private sector in the fight against digital threats.”

“Through our worldwide network of Digital Crime Resistance Centres (DCRCs), including in Singapore, we are able to offer tailored solutions to address cybersecurity threats that are unique to our local clients, businesses, and their customers,” added Dmitry.

“We encourage others to join us in fighting cybercrime, and by pooling our resources, expertise, and technology, we can strengthen global cybersecurity. This partnership underscores our shared mission to relentlessly pursue cybercriminals and protect individuals and businesses from evolving threats, reinforcing the vital importance of public-private collaboration in securing our digital future,” he further explained.

Cheng, chief inspector at HKPF, stated, “Group-IB’s dedication to cybersecurity, as a member of the Cyber Security Action Task Force (CSATF) established by the Hong Kong Police Force (HKPF), reflects the collective effort of both the public and private sectors in safeguarding our digital landscape. Group-IB’s invaluable contributions exemplify the spirit of cooperation essential in this endeavour.”

 
