[Image: The phisherman episode 1]
Bex Nitert is an incident response and forensics professional in Australia. She describes herself as a digital firefighter who helps organizations after they’ve been hacked. She often investigates phishing, the term for stealing login credentials with the aim of taking over accounts and systems. And there’s a threat actor who performs this credential theft on an industrial scale. Bex found him operating in the open.
Many of the frauds, scams and data breaches that are common these days start with the takeover of say, someone’s personal or corporate email account or other type of account. Everything from stealing money from online bank accounts to business email compromise to even file-encrypting ransomware often starts with stolen login credentials. It’s a critical part of the cybercrime-as-as-service economy. Cybercrime-as-a-service is the term for products and services for sale that help other people commit crime on the internet.
There are lots of people who sell these credentials. But this person – the Phisherman – is exceptional. Bex’s investigation uncovered a pattern of malicious phishing activity that went back to at least 2015. These days, the Phisherman’s operation is growing in scale. And Bex found a sign that the Phisherman may be looking for new ways to generate revenue and that his operation may take a darker turn.
Participants:
Bex Nitert, Incident Response and Forensics Professional
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471
European law enforcement officials say a secret U.S. FBI task force called Group 78 used covert tactics to disrupt the Black Basta ransomware group, but it has caused tension. Intel 471 analyzes the delicate dynamics.
Check fraud in the U.S. is booming. Fraudsters steal checks and sell them on underground channels where they are purchased, modified and deposited in hopes of a payment. Here's a briefing on this multi-layered crime.
In August 2025, two anonymous researchers released 9 GB of data from a workstation of a likely advanced persistent threat (APT) group. Here’s an analysis of the data by Intel 471’s Cyber Geopolitical Risk team.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.