Eight people have been arrested over their alleged role in a global cybercrime syndicate targeting federal government websites.
Malaysian authorities arrested the alleged e-criminals for developing kits for phishing - a scam based on fake emails or texts that trick people into giving over personal information - that targeted the government's myGov website.
The arrests were made after the AFP gave intelligence to Royal Malaysian Police that identified a Malaysian national advertising the phishing kits, the AFP said in a statement with the RMP and United States Federal Bureau of Investigation (FBI) on Monday.
A Malaysian national, 35, and seven other individuals who were allegedly mules for the man, were arrested and charged under Malaysian law over the scam.
AFP Detective Superintendent Darryl Parrish said Australians lost more than $24.6 million to phishing attacks last year.
"Cybercriminals will use any tools and tricks to exploit people for their own profit, in this case it is mimicking trusted government websites," Det Supt Parrish said.
The AFP outlined the operation and architecture of the phishing service, and identified a link with a "bulletproof" hosting service that facilitated the criminal activity, the agencies said.
The kits allegedly contained phishing templates and scripts replicating government websites in Malaysia, Australia and the US, and were being sold to e-criminals.
The FBI linked the "bulletproof" hosting service to the alleged organised criminal syndicate.
Investigators seized more than 60 terabytes of data, including three servers and one network storage device, the agencies said.
The arrests come after the federal government released this month a national cyber security strategy aimed at becoming a world leader e-security by 2030, after it conceded authorities lacked methods to hold cyber criminals at bay.
Australia has been rocked in recent times by a series of hacks on prominent companies including Optus, Medibank and ports operator DP World Australia.
