- Group-IB identifies more than 20,000 unique domains tied to the ecosystem and documented 80 phishing templates in Arabic, English, French, Spanish, and Hebrew.
Group-IB said it contributed to a coordinated investigation led by INTERPOL and the Algerian National Police that resulted in the arrest of the alleged primary developer and administrator of SniperDz, a phishing-as-a-service (PhaaS) platform active for nearly a decade.
SniperDz, operating since at least 2015, offered ready-made phishing kits, hosting, and operational support to cybercriminals, targeting users of major global brands including PayPal, Facebook, Instagram, Yahoo, Netflix, and Steam.
Group-IB said it identified more than 20,000 unique domains tied to the ecosystem and documented 80 phishing templates in Arabic, English, French, Spanish, and Hebrew. A 2016 statistic published by the platform claimed more than 45,000 victim records had already been collected.
According to Group-IB, its multi-month investigation combined infrastructure analysis, OSINT, and digital footprint correlation to attribute the platform’s development and administration. Investigators said an operational security lapse exposed administrative details in public video tutorials, while years of social media activity—along with a Telegram channel with over 7,300 subscribers and a Facebook account with more than 19,000 followers—linked the suspect to operations between 2015 and 2025.
Strong partnerships
As part of INTERPOL’s Operation Ramz, Algerian authorities disrupted infrastructure associated with SniperDz, including a website offering PhaaS capabilities, and arrested the individual identified as the platform’s administrator.
“SniperDz is a textbook example of why adversary-centric intelligence matters,” said Dmitry Volkov, Group-IB CEO. “By combining threat intelligence, attribution, and close collaboration with law enforcement, we were able to help identify the individual responsible for nearly a decade of phishing activity.”
“Phishing-as-a-Service is a significant global cyberthreat,” said Neal Jetton, INTERPOL’s Director Cybercrime. “Actionable intelligence and operational support enabled the identification and arrest of the developer and administrator of SniperDz. This outcome is a direct result of strong partnerships.”
Group-IB said the takedown underscores the value of intelligence-led collaboration between law enforcement and private cybersecurity firms. The company reports it has supported more than 1,600 high-tech crime investigations across over 60 countries.
Discover more from TechChannel News
Subscribe to get the latest posts sent to your email.
