FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

The FBI and Indonesian National Police have dismantled the infrastructure linked to the W3LL phishing network, which was involved in stealing thousands of user credentials and attempting more than $20 million in fraudulent transactions. The operation also led to the detention of the alleged developer of the phishing toolkit.

What happened

Authorities from the U.S. Federal Bureau of Investigation, in collaboration with the Indonesian National Police, dismantled the infrastructure supporting a global phishing campaign. The campaign used an off-the-shelf phishing toolkit known as W3LL to carry out mass credential theft from victims worldwide. The infrastructure takedown followed the arrest of the individual suspected to be the developer of the W3LL toolkit. The criminal network behind the campaign had attempted fraud totaling more than $20 million using the stolen credentials.

Why it matters

Phishing campaigns continue to be a prevalent method for cybercriminals to harvest user credentials and conduct financial fraud. The takedown of the W3LL phishing infrastructure represents a significant disruption in a global threat operation that had caused extensive fraud losses. Removing such toolkits and detaining their creators can slow the proliferation of accessible phishing tools that simplify attacks for less skilled threat actors.

What security teams should do

Security teams should remain vigilant for phishing campaigns that use off-the-shelf tooling similar to W3LL. Organizations are encouraged to enforce multi-factor authentication and educate users on recognizing phishing attempts. Monitoring for unusual authentication activity linked to credential theft remains a critical step in detection and mitigation. Collaboration with law enforcement agencies is key to addressing such global threats.

Key technical details

The phishing campaign leveraged the W3LL toolkit to create deceptive login portals designed to harvest account credentials on a large scale. The off-the-shelf nature of W3LL made the phishing scheme accessible and scalable, facilitating credential theft across multiple organizations and individual victims. The infrastructure was global, enabling the attackers to conduct extensive fraud attempts using the stolen data.

Affected organizations/products

Thousands of account credentials were stolen globally through this W3LL phishing operation, leading to fraud attempts exceeding $20 million. Specific affected organizations or product sectors were not detailed in the disclosed information.

Source attribution

https://thehackernews.com/2026/04/fbi-and-indonesian-police-dismantle.html

Written by Thirumala Rao Padilam