The US Justice Department announced on Monday the seizure of a web domain and a password database used by a cybercrime group to steal millions of dollars from bank accounts.
According to the DOJ, the seized domain, web3adspanels.org, hosted a backend web panel used by the cybercriminals to store and manipulate thousands of stolen bank login credentials.
The threat actor conducted a massive bank account takeover scheme that involved malicious ads on search engines such as Google and Bing in an effort to lure users to fake bank websites.
These phishing sites tricked victims into handing over their login credentials, which the cybercriminals could then use to access and drain their bank accounts.
The FBI has identified nearly 20 victims in the US, including two companies, and has determined that the cybercriminals attempted to steal roughly $28 million, with the actual losses estimated at approximately $14.6 million.
Estonian law enforcement, which also took part in the operation, “preserved and collected data from servers hosting the phishing pages and the stolen login credentials used in furtherance of the scheme,” the DOJ said.
The Justice Department has not mentioned any arrests or charges.
The announcement comes less than a month after the FBI reported that cybercriminals engaging in account takeover schemes have caused over $262 million in losses since January 2025.
The DOJ’s announcement also comes shortly after Troy Hunt, the administrator of the Have I Been Pwned (HIBP) data breach notification service, revealed that the FBI had provided a collection of 630 million compromised passwords for analysis.
HIBP enables users to learn whether their credentials have been compromised in a data breach, based on their email address. The service has cataloged more than 17 billion credentials.
Hunt’s analysis showed that the passwords provided by the FBI likely did not come from a single breach, but from various sources, such as cybercrime marketplaces and infostealer malware. Approximately 46 million of the passwords, representing 7.4% of the total, had not been in the HIBP database.
It’s unclear if the passwords analyzed by Hunt are in any way related to the DOJ’s Monday announcement.
Related: 574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings
Related: ATM Hackers Using ‘Ploutus’ Malware Charged in US
Related: Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US
