The Moroccan Police have found the trace of an individual author of numerous cyber-crimes known under the pseudonym of Dr HeX, following a joint investigation with Interpol and Groupe-IB. In any case, this is indicated by a publication published yesterday on the Interpol site and which has certainly not gone unnoticed here. Indeed, it is said that ” suspected prolific cybercriminal apprehended in Morocco following two-year joint investigation by Interpol, Moroccan police and Groupe-IB “.
The latter, working in the private sector, is one of the main providers of solutions for the detection and prevention of cyber attacks, online fraud and IP protection, and is also a partner of Interpol, Europol, etc. in the field of cybercrime. However, the suspect, a Moroccan citizen, whose name has not been revealed, acting under the name of “Dr HeX”, was in the crosshairs of these three aforementioned bodies. In fact, within the framework of the “Lyrebird” operation, the Interpol Cybercrime Directorate worked in close collaboration with Groupe-IB and with the Moroccan police via the Interpol National Central Office in Rabat to finally locate and apprehend the individual who is still under investigation. The actor allegedly responsible for multiple attacks, including against French telecommunications companies, as well as the country’s main banks and multinational companies, following a two-year investigation, was arrested in May by Moroccan police on the database on its cybercrimes provided by Groupe-IB. The news was only announced yesterday as part of Interpol’s Operation “Lyrebird”.
It is said to have targeted thousands of unsuspecting victims over several years through global phishing, fraud and card activity involving credit card fraud, carding. He is also accused of degrading numerous websites by modifying their appearance and content, and of targeting French-speaking communications companies, several banks and multinational companies with malware campaigns. The suspect also reportedly helped develop file-and-phishing kits, which were then sold to others through online forums to enable them to facilitate similar malicious campaigns against victims. These, were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusted people for financial gain, loss of business. individuals and companies being published online in order to advertise these malicious services. According to the Threat Intelligence team at Group-IB, the suspect, nicknamed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009. The starting point of Group-IB’s research to identify and de-anonymize the cybercriminal was the extraction of a phishing kit (a tool used to create web pages of phishing). Further analysis of Dr. Hex’s digital fingerprint revealed his association with other malicious activity.
During the period 2009-2018, the threatening actor degraded more than 130 web pages. Analysts also found the cybercriminal’s posts on several popular underground malware trading platforms that indicate his involvement in malware development. Further investigation uncovered a YouTube channel and links to an Arabic crowdfunding platform. The team then found two domains registered with the same email address, included in the phishing kit. A total of five email accounts, six nicknames, and the suspect’s YouTube, Facebook, Instagram and Skype accounts were discovered. ” Group-IB analysts also found the cybercriminal’s posts on several popular malware trading sites that indicate his involvement in malware development. Adds the global threat hunting and cyber intelligence company.
Interpol Executive Director of Police Services Stephen Kavanagh said: “ This is a significant success against a suspect accused of targeting unsuspecting individuals and businesses in multiple regions for years, and the case highlights the threat posed by cybercrime worldwide ”. Kavanagh further added “The arrest of this suspect is due to exceptional international investigative work and new modes of collaboration with both the Moroccan police and our vital private sector partners such as Group-IB”.