Law enforcement officials from 19 countries [3] [6], led by the Metropolitan Police in the United Kingdom [6], successfully shut down LabHost [7], the world’s largest phishing-as-a-service platform [3], on April 18, 2024 [10].


This operation [1] [2] [3] [4] [6] [7] [8] [9] [10] [11], known as Operation Stargrew and initiated in June 2022 with intelligence from the Cyber Defence Alliance [2], resulted in the arrest of 37 suspects internationally [1], including the site’s original developer [1]. LabHost [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], which originated in Canada in 2021 and expanded to the UK [3], Ireland [3], and beyond [3], offered tools for launching phishing and smishing campaigns and made over £1m from tens of thousands of victims. By 2024 [1], it hosted up to 40,000 phishing sites with 2000 criminal users paying a monthly subscription fee [1]. The investigation uncovered at least 40,000 phishing domains and 10,000 users worldwide [6], with criminals paying a monthly subscription fee for customizable illicit services targeting financial institutions [6], postal delivery services [6], and telecommunication providers [6]. The service has been used to obtain card numbers [3], PINs [3] [5] [11], and passwords globally [3], with payments totaling nearly £1m [3]. LabHost offered multi-factor authentication bypass [1], customizable phishing pages [1], smishing capabilities [1], and support for phishing campaigns on various non-banking sites [1]. The Met and global partners are now seeking to track down subscribers [1], with over 480,000 card numbers stolen globally [1]. Met deputy commissioner Lynne Owens emphasized the importance of dismantling international fraud networks and targeting those enabling online fraud on a global scale [1]. The majority of victims were aged 25 to 44 [5], and the crackdown on LabHost follows previous actions against cybercriminal groups [5], highlighting the prevalence of online fraud and the challenges law enforcement faces in combating it [5]. Trend Micro provided assistance in this law enforcement operation [10], showcasing the collaborative effort to combat cybercrime [10]. The criminal network behind LabHost scammed as many as 70,000 victims in the UK [11], obtaining 480,000 card numbers and 64,000 PINs worldwide [11]. The site enabled over 2,000 users to set up phishing websites to steal personal information [11], offering tutorials for those with limited IT knowledge [11]. Subscribers paid between £200 and £300 a month for worldwide membership [11], targeting victims globally [11]. After police disrupted the operation, 37 people were arrested worldwide [11], and up to 25,000 UK-based victims were contacted about compromised data [11]. This operation was part of a series of recent takedowns targeting fraud [9], phishing [1] [2] [3] [4] [6] [7] [8] [9] [10] [11], and ransomware groups [9], highlighting the global approach needed to combat international cybercrime [9]. Additionally, the joint operation led by the Metropolitan Police also resulted in five arrests in Australia, where over 94,000 people were impacted by the service [4]. The Australian Federal Police took down 207 criminal servers hosting fraudulent phishing websites created by LabHost [4].


The takedown of LabHost has had significant impacts on international cybercrime, with arrests made and victims notified. This operation underscores the importance of global collaboration in combating online fraud and the ongoing challenges faced by law enforcement in addressing cyber threats. Moving forward, efforts to dismantle criminal networks and disrupt illicit services will be crucial in safeguarding individuals and organizations from cyber attacks.