Malaysian law enforcement authorities [2] [3], in collaboration with the Australian Federal Police and the US Federal Bureau of Investigation [2] [3], have successfully dismantled BulletProofLink [1], a major phishing-as-a-service (PhaaS) and initial access broker (IAB) operation [1] [4].


BulletProofLink [1] [2] [3] [4], which had been active since 2015 [1], provided tools and resources for conducting phishing attacks [1]. These included login pages for popular services and a tool for bypassing multi-factor authentication [1]. With over 8,000 clients [1] [4], BulletProofLink generated significant profits, potentially making over 1.2 million Malaysian ringgit ($250,000) from their scams [4].

The operation was brought down through intelligence shared by the Australian Federal Police and the FBI, leading to the arrests of eight individuals, including the alleged mastermind and a software engineer [1]. The cybersecurity firm Intel471 had previously warned about BulletProofLink’s acquisition of the Evilginx2 source code, which could enable adversary-in-the-middle (AITM) phishing attacks [4]. The lack of operational security by the group allowed cybersecurity vendors to uncover their real-world identities [4].

As part of the operation, authorities seized servers [3], computers [2] [3], a cryptocurrency wallet [2] [3] [4], electronic devices [4], jewelry [2] [3] [4], and vehicles [4], including approximately $213,000 in cryptocurrency. The closure of BulletProofLink marks a significant victory against cybercriminals [1], as it was a key source for infiltrating corporate networks [1].


The successful dismantling of BulletProofLink has significant impacts in the fight against cybercrime. It disrupts a major phishing-as-a-service operation and removes a key source for infiltrating corporate networks. The collaboration between Malaysian law enforcement, the Australian Federal Police [1] [2] [3] [4], and the FBI demonstrates the importance of international cooperation in combating cyber threats.

This operation also highlights the need for improved operational security by cybercriminals. The lack of proper security measures allowed cybersecurity vendors to uncover the identities of those involved. This serves as a reminder to cybercriminals that their actions are not anonymous and they can be held accountable for their crimes.

Moving forward, it is crucial for law enforcement agencies and cybersecurity firms to continue sharing intelligence and collaborating to dismantle similar operations. By doing so, we can better protect individuals, organizations, and critical infrastructure from the ever-evolving threat of cybercrime.