FBI Says Chinese Cyber Ring Used Google Gemini in a Multi-Billion-Dollar Phishing Scheme

A joint operation by the FBI, Google, and Lumen brought down a large-scale Chinese cyber network. According to the charges, the platform let hackers build phishing sites with AI and steal millions of credit card records.


A sweeping international operation led by the FBI, together with Google and infrastructure company Lumen, exposed a Chinese cyber network called Outsider Enterprise, which ran a "Phishing-as-a-Service" platform. 

According to the indictment filed in federal court in New York, the network enabled even criminals with no technical know-how to set up scam websites within minutes, and was responsible for the theft of about 3.87 million credit cards and economic damages estimated at about $1.9 billion since July 2023.

The investigation, conducted as part of "Operation Ghost Hawk," led to the takeover of the organization’s central management servers, the seizure of an online store used to test the scam systems, and the confiscation of crypto wallets containing about $100,000. In addition, thousands of fake domains registered through American hosting providers were seized, and they now redirect to official FBI warning pages.

According to court documents, the platform’s business model was built around a relatively simple subscription service: scammers paid $88 a week or $200 a month through a dedicated Telegram bot, and received access to more than 290 ready-made templates. The templates closely mimicked the websites of banks, cellular providers, postal services, and toll payment systems.

The fake sites did more than collect login details. They pulled information in real time and showed users pop-up prompts demanding passwords and one-time verification codes. In this way, the attackers managed to bypass even advanced security measures, including two-factor authentication.

One of the most significant findings to emerge from the investigation involved artificial intelligence. According to the indictment, the system’s operators provided their customers with training videos explaining how to use Google’s Gemini model to generate HTML code for the scam sites. To get around the system’s safeguards, users relied on prompt engineering and framed their requests as harmless "gift redemption" pages, so the generated code appeared to the system to be legitimate assistance.

In the indictment, members of the network are charged with extortion, wire fraud, and trademark infringement. Even so, the FBI and Google acknowledge that the chances of securing the suspects’ extradition are low, since they are operating from inside China.
