The Financial Monitoring Agency (FMA) has shut down the activities of a group suspected of carrying out a mass phishing SMS campaign using specialised equipment. Four suspects have been arrested and placed in custody. This case is the first recorded instance of such a scheme being used in the CIS countries.
HOW THE SCHEME WAS DISCOVERED
The operation was coordinated by the Prosecutor General's Office and involved cybersecurity experts from the telecommunications operator Tele2. It is reported that the group used a technical device capable of bypassing standard security mechanisms used by telecom operators.
HOW THE EQUIPMENT WORKED
According to the investigation, the suspects used a specialised device known as an SMS blaster. It mimicked the operation of mobile base stations and generated a strong signal within a radius of up to 300 metres.
As a result, mobile devices automatically connected to this less secure network. This allowed the sending of fake SMS messages, bypassing the standard security systems of operators. According to the FMA, the equipment was capable of sending up to 100,000 messages per hour.
WHERE THE MESSAGES WERE DISTRIBUTED
The materials state that, to increase reach and avoid detection, the equipment was placed in vehicles and operated while on the move. The main distribution points were crowded public places, such as markets and the areas around shopping and entertainment centres.
The messages purported to come from Beeline and Halyk Bank and offered a bonus exchange. The links in them led to phishing websites.
On these sites, users were asked to select goods, after which personal data was requested, including phone number, full name, bank details, CVV code, and SMS confirmation. According to the investigation, the suspects used this to gain access to confidential information and citizens' funds.
THE ARRESTS AND CURRENT CASE STATUS
The FMA reported that the group was identified at an early stage of implementing the scheme. This made it possible to prevent potential financial losses for citizens.
Currently, four suspects have been arrested and are in custody. The investigation is ongoing, with no further details provided in the materials.
RECOMMENDATIONS FOR CITIZENS
The FMA urges everyone to follow digital security measures:
- do not click on suspicious links;
- do not enter personal or banking details on unverified websites;
- verify information only through official sources.
The agency emphasises that employees of banks and telecom operators do not request confidential data via SMS or external links.
Foundation-Bureau for Corruption Investigation