Author of uPanel phishing kit arrested in Ukraine

More than 50% of all phishing attacks that targeted Australia in 2019 were carried out using uPanel, officials said.
Written by Catalin Cimpanu, Contributor
Image: Ukraine Ministry of Internal Affairs

Ukrainian police arrested a 39-year-old man last week on accusations of developing and advertising one of the most advanced and widely used phishing toolkits of the underground hacking scene.

The suspect, whose name was not released to the public, was arrested last week, on Thursday, February 4, in the Ternopil region of Ukraine, following an international investigation between law enforcement agencies in Australia, the US, and Ukraine.

Suspect identified as uPanel author

Sources familiar with the investigation told ZDNet the suspect was the author of a phishing tool named uPanel, sometimes also referred to as U-Admin.

Fred HK, an independent malware security researcher who studied the toolkit in a report last year, described uPanel as the following:

"U-Admin is a control panel for receiving logs from phishing kits, and controlling victim interaction. U-Admin is also used with injections, which are snippets of code that are injected into a victims' browser, enabling the attacker to gather more information from their victims. [...] U-Admin is not sold on its own, it is included when you purchase one of their phishing pages/injects."


Image of the uPanel store hosted on the dark web.

Image: Fred HK

According to information shared with ZDNet by threat intelligence firm Intel 471, uPanel was sold via a dedicated website hosted on the dark web and advertised on one a popular underground cybercrime forum, where the author went by the nickname of kaktys1010.

According to early versions of the author's ads, the uPanel kit has been available for sale since 2015, with its price ranging from $80 to $800, depending on the features buyers wanted to have included in their panels.

uPanel had more than 200 customers

In a press release from the Ukrainian Ministry of Internal Affairs last week, officials said that uPanel had more than 200 active customers based on data they obtained after seizing computers, laptops, and smartphones from the suspect's residence.

Officials believe the uPanel phishing toolkit was used in phishing operations that caused tens of millions of US dollars in losses to financial institutions in 11 countries, such as Australia, Spain, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, the US, and the UK.

Australian law enforcement said that more than 50% of all phishing attacks that targeted Australian users in 2019 were carried out using uPanel.

Investigators said the suspect didn't just create the phishing kit and advertised but also spent a great deal of time and effort in providing tech support to its customers.

A video released by Ukrainian officials with footage from the suspect's arrest is available below:

The FBI's most wanted cybercriminals

Editorial standards