Brother
Professional
Polish law enforcement has announced the dismantling of a hacker group engaged in a wide range of illegal activity: extortion attacks, malware distribution, banking fraud, SIM swapping, fake online stores, and even fake bomb threats against buildings, sent on behalf of paying customers.
Currently, four suspects have been arrested:
- Kamil S., also known as Razzputin, a member of many Russian-language hacker forums, including Exploit and Cebulka;
- Pavel K., known under the pseudonym Manster_Team, mainly involved in banking crimes;
- Janusz K., involved in most of the group's crimes;
- Lukasz K., who appears to be a prominent figure in the criminal underworld.
According to Polish media, law enforcement became interested in the group's activity in the summer of 2019, when the attackers sent their first bomb threat, against a school in Łęczyca. Investigators say that a man named Lukasz K. found and hired hackers online who, for a fee, agreed to send the school a bomb threat by email, written so that it appeared to come from a competing business partner of the school.
As a result, the man whose identity had been forged and used in the hackers' email was arrested and spent two days behind bars before the police worked out what had happened. Once released, the businessman hired a private detective to track down the real authors of the fake bomb threat.
According to investigators, when the hackers realized what was going on, they hacked into a Polish mobile operator and, in revenge, issued invoices for several thousand zlotys in the names of both the detective and the businessman himself.
But the hackers did not stop at a single threat of a bomb supposedly planted in a school. Other fictitious bomb threats, including one against the Western Railway Station in Warsaw, are also linked to this group. The highest-profile incident, however, took place on June 26 and 27, 2019, when the hackers were hired to send bomb threats to 1,066 kindergartens across Poland. As the Polish TV channel TVN24 reported, the resulting evacuations affected 10,536 people in 275 kindergartens across the country.
Law enforcement reports that for each fake threat of this kind the hackers charged 5,000 zlotys (about 99,000 rubles).
As mentioned above, sending such messages was far from the group's only source of income. Although it was the bomb threat reports that first drew the attention of law enforcement, the investigation soon revealed a long trail of other crimes behind the group.
As it turned out, the group was most often engaged in distributing malware via phishing emails. The Polish news site Otopress reports that the hackers were linked to at least 87 different domains used to spread malware. The malware targeted both Windows and Android and included well-known threats such as Cerberus, Anubis, Danabot, Netwire, Emotet, and njRAT. According to the authorities, the group's victims number in the thousands.
The hackers stole personal data from users infected with this malware and then used it to steal money from banks with weak security. Even where a bank had multi-factor authentication in place, the hackers were not deterred: they used the stolen personal information to order fake identity documents on the darknet, then used those documents to deceive mobile operator employees into reissuing the victims' SIM cards (an attack commonly known as SIM swapping).
In a typical case, the fraudster poses as the real owner of the number, claims to have lost or broken the SIM card, and asks to have the number transferred to a new one. He then takes over the accounts linked to that phone number, in effect stealing the victim's identity outright. Historically, such attacks have been used to steal large sums of cryptocurrency and money from bank accounts (intercepting 2FA codes becomes easy once the number is controlled), and even to hijack valuable Instagram accounts. It is also worth mentioning that this is how Twitter executives were hacked last year, and how the BlockFi cryptocurrency platform was nearly compromised.
Polish media reported that through SIM swapping the group stole 199,000, 220,000 and 243,000 zlotys (about 4,000,000, 4,300,000 and 4,800,000 rubles) in three separate incidents. In another case, the attackers attempted to steal PLN 7,900,000 (RUB 155,670,000) from a single person, but bank employees suspected fraud and called the victim's phone number to confirm the transaction. Since the SIM card had already been swapped, the call was answered by the hackers; the bank employee did not recognize the voice of a regular customer whom he knew well from previous conversations, and the transaction was blocked.
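The near miss above shows the weak point of phone-based confirmation: once a SIM has been swapped, a callback or SMS code reaches the attacker, not the customer. The following is an added example (not code from the original post or from any bank) of a transfer-approval rule that stops trusting the phone channel for a quarantine period after a SIM or contact-number change; it assumes the bank receives a carrier SIM-change timestamp and records when the number on file was last edited, both of which are fed in here as constructed data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SIM_QUARANTINE = timedelta(days=7)   # distrust voice/SMS this soon after a SIM or number change
HIGH_VALUE_PLN = 50_000              # above this, a second confirmation channel is required

@dataclass
class Transfer:
    amount_pln: int
    new_beneficiary: bool            # payee never paid from this account before

@dataclass
class PhoneSignals:
    sim_changed_at: Optional[datetime]     # assumed carrier SIM-change lookup; None = no change known
    number_changed_at: Optional[datetime]  # when the contact number on file was last edited

def phone_channel_trusted(sig: PhoneSignals, now: datetime) -> bool:
    """A call or SMS to the number on file is only as trustworthy as the SIM behind it."""
    for changed in (sig.sim_changed_at, sig.number_changed_at):
        if changed is not None and now - changed < SIM_QUARANTINE:
            return False
    return True

def decide(transfer: Transfer, sig: PhoneSignals, now: datetime) -> str:
    """Return 'approve', 'voice_callback' or 'hold_for_in_person'."""
    step_up = transfer.amount_pln >= HIGH_VALUE_PLN or transfer.new_beneficiary
    if not step_up:
        return "approve"
    if phone_channel_trusted(sig, now):
        return "voice_callback"      # the confirmation call the bank in the story relied on
    # The number may now answer to an attacker: do not call or SMS it, escalate instead.
    return "hold_for_in_person"

def demo() -> dict:
    """Constructed cases: a 7.9M PLN attempt two days after a SIM swap, plus two benign ones."""
    now = datetime(2021, 3, 1, 12, 0)
    swapped = PhoneSignals(sim_changed_at=now - timedelta(days=2), number_changed_at=None)
    stable = PhoneSignals(sim_changed_at=now - timedelta(days=400), number_changed_at=None)
    return {
        "swapped_high_value": decide(Transfer(7_900_000, True), swapped, now),
        "stable_high_value": decide(Transfer(7_900_000, True), stable, now),
        "stable_small_known_payee": decide(Transfer(150, False), stable, now),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The rule would have held the 7,900,000 PLN transfer without ever dialling the swapped number, so the outcome no longer depends on an employee recognizing a voice.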
On top of all this, the group ran another kind of "business": the hackers set up around 50 fake online stores selling non-existent goods, defrauding more than 10,000 buyers in this way.
