The group is responsible for ransomware and malware attacks, SIM swapping, extortion with threats of explosion, etc.
Polish law enforcement officers arrested four alleged members of a hacker super-group that is actively involved in various cybercriminal activities. The group is responsible for ransomware attacks, malware distribution, SIM swapping, banking fraud. Administration of fake online stores, and even extortion with explosion threats. Four suspects were arrested this week, and four more are under investigation.
An investigation into the activities of a cybercriminal group began in May 2019, when a certain Lukasz K. hired hackers. Via the Internet in order to frame his business rival. The cybercriminals spoofed the businessman’s email address and sent a letter to the. Administration of one of the schools in Lechitsa on his behalf, threatening to blow up the building if the ransom was not paid. As a result, the competitor was arrested and spent two days in custody until the police found out what happened.
After being released from custody, the businessman hired a private detective to find out who set him up. When the cybercriminals realized that they were being followed. They hacked one of the Polish telecom operators and forged thousands of zloty invoices. Allegedly in the name of a businessman and a private detective.
One of the most notorious cases occurred on June 26-27, 2019, when cybercriminals sent bomb threats to 1,066 kindergartens. As a result, 10,536 people were evacuated from 275 kindergartens throughout Poland.
Among other things, the group carried out attacks using ransomware and malware such as Cerberus, Anubis, Danabot, Netwire, Emotet and njRAT. The number of victims is in the thousands.
From the infected devices, hackers stole personal data, with the help of which they transferred money from bank accounts. If the bank used several authentication mechanisms. The attackers took the information stolen from the victims and ordered fake IDs on the darknet. With their help, they tricked mobile operators by forcing them to “bind”. The victim’s account to a new SIM card (a technique known as SIM swapping).
According to Polish media reports, using this technique, the group stole 199,000, 220,000 and 243,000 zlotys in three separate incidents. The hackers also tried to steal PLN 7.9 million from one of the victims. But the hacking was stopped when bank employees called the victim to confirm the transaction.