FBI disrupts massive AI-powered phishing service using a million URLs

The FBI has dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that deployed over one million URLs to harvest credentials and payment card data. The takedown involved coordination with Google and Black Lotus Labs, which identified the infrastructure powering the attack.

Outsider Enterprise operated as a commercial phishing platform, offering criminals the ability to launch targeted attacks at scale. The service leveraged thousands of phishing websites designed to mimic legitimate platforms, tricking users into surrendering login credentials and financial information. The operation's infrastructure spanned multiple hosting providers and used domain masking techniques to evade detection.

The attack campaign targeted individuals across multiple sectors, with particular focus on financial institutions and email providers. Victims entered sensitive data into fake login pages that captured passwords and credit card numbers in real time. The stolen credentials were then monetized through resale on underground forums or used for direct fraud.

Black Lotus Labs identified the command-and-control infrastructure supporting the phishing websites and traced the operation to Chinese threat actors. The investigation revealed that Outsider Enterprise had been operational for months, generating substantial revenue through credential sales. The service operated similar to other cybercriminal marketplaces, allowing customers to customize phishing campaigns and track success metrics.

Google's involvement included identifying and indexing phishing URLs, then removing them from search results and blocking them at the browser level. The company also hardened Gmail protections against the phishing variants observed in the campaign.

The FBI coordinated takedown actions targeting the hosting infrastructure, domain registrations, and payment mechanisms supporting Outsider Enterprise. Law enforcement seized control of key servers and disabled the service's ability to distribute new phishing URLs. The operation targeted both individual consumers and enterprise employees, making it a threat across multiple attack surfaces.

This disruption demonstrates law enforcement's capacity to coordinate international cybercrime investigations and dismantle commercial phishing infrastructure. However,