ctipilot.ch


UPDATE: FBI "Operation Ghost Hook" seizes the Outsider PhaaS infrastructure Google had sued

From CTI Daily Brief — 2026-06-15 · published 2026-06-15

UPDATE (originally covered 2026-06-13): the China-based Outsider Enterprise phishing-as-a-service network — the subject of Google's 13 June civil complaint covered in the last brief — has now been hit on the criminal-enforcement track. On 14 June the FBI, working with Google and Lumen's Black Lotus Labs, executed "Operation Ghost Hook," seizing thousands of Outsider-registered domains (now redirecting ~1 million phishing URLs to an FBI splash page), core admin servers, a Shopify storefront and roughly $100,000 in USDT (BleepingComputer, 2026-06-14; CyberScoop, 2026-06-12).

The delta beyond Google's civil action: agents accessed an Outsider Telegram bot to enumerate the network's criminal customers, and the operation is folded into the FBI's broader "Operation Riptide" against cybercrime infrastructure. Outsider sold AI-assisted phishing kits (it weaponised Gemini and other tools to generate custom phishing-site code) for $88 per week, using fake package-delivery, toll, parking and brokerage lures across 55 countries including the United States (CyberScoop, 2026-06-12).

Defender takeaway: the domain seizure cuts active infrastructure, but affiliates can carry Outsider-derived kits — and the prompt-to-phishing-page generation capability — over to fresh domains. Continue to hunt for AI-generated package/toll/parking credential-harvest pages and brand-impersonation lures targeting staff; the takedown lowers volume, not technique.