Interpol and Indonesian police have arrested three men on suspicion of being part of a cybercrime group engaged in Magecart attacks.
The arrests, which took place on December 20 but were only made publish last week in a press conference, mark the first arrests of a Magecart gang.
The suspects were only identified by their initials: ANF (27 years), K (35 years), and N (23 years), from he regions of Jakarta and Yogyakarta.
According to the company' scans, the group was active since 2017, and its code was found on 571 websites, 17 of which are still infected to this day, after the store owners failed to clean their sites.
Sanguine Security says the gang's code was easy to track because of the presence of a recurring message that read "Success gan," which translated to "Success bro" when translated from Indonesian.
Group-IB, which was directly involved in the investigation and helped authorities track down the group, said the suspects used the stolen payment card data to buy goods, such as electronic devices or other luxury items, which they later tried to resell online in Indonesia at below the market prices.
To hide their real location and identities, the group used VPN (virtual private network) services to access their command and control servers to retrieve the stolen card data. The GetBilling group also used stolen card data to pay for hosting services, again, trying to hide their real identities.
"Group-IB Cyber Investigations team determined that some of the GetBilling's infrastructure was located in Indonesia," the company said in a press release today. "Upon discovery of this information, INTERPOL's ASEAN Desk promptly notified Indonesian cyber police."
The three suspects were arrested last year part of an operation codenamed Night Fury, but the investigation is still ongoing. Each suspect face up to ten years in prison for their crimes.