Mon Dieu! Suspected French ShinyHunters gang member in the dock

A French citizen was scheduled to appear before a US court on Friday on a nine-count indictment related to his alleged involvement in the ShinyHunters cybercrime gang that trafficked in identity and corporate data theft and sometimes extortion.

Twenty-one-year-old Sebastien Raoult, aka Sezyo Kaizen, was arrested last year in Morocco and extradited to the US this week. Raoult and two co-conspirators were indicted on nine counts — conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, four counts of wire fraud and three counts of aggravated identity theft — by a grand jury in 2021.

Since early 2020, the ShinyHunters crew has stolen “millions of customer records” and sold sensitive data belonging to more than 60 companies in Washington state and elsewhere around the world, according to the US Attorney’s office.

The unnamed victims include tech companies, an international stock trading company, a clothing business, a video game developer, and a nutrition and fitness concern.

“Too many bad actors believe they can illegally access proprietary information and personal financial information by hiding behind a keyboard,” US Attorney Nick Brown said in a statement.

If found guilty, Raoult could spend a good chunk of his life behind bars. The conspiracy to commit computer fraud and abuse charge carries a maximum of 10 years in prison, while the conspiracy to commit wire fraud count is punishable by 27 years, and wire fraud itself by a further 20 years, if the court so decides.

Additionally, aggravated identity theft carries a mandatory minimum two-year prison term to follow any other prison sentence imposed in the case.

Two other French residents, 23-year-old Gabriel Kimiaie-Asadi Bildstein aka “Kuroi” and “Gnostic Players,” of Tarbes and 22-year-old Abdel-Hakim El Ahmadi aka “Zac” and “Jordan Keso” of Lyon, are also charged in the indictment, but remain uncuffed.

According to the court documents [PDF], the trio’s alleged criminal activities started with targeted phishing emails “designed to deceive and dupe recipients into disclosing login credentials and access keys.”

To make the emails look convincing, prosecutors say the crew imitated legitimate websites and log-in pages for legitimate service providers including, among others, a “computer code hosting and development platform used for software development and version control using ‘git,’” a messaging and communication platform, and a US-based cloud provider.

These, of course, weren’t real websites, but rather ones controlled by ShinyHunters and used to steal victims’ credentials. The crooks allegedly used this access to sneak onto corporate networks and snoop around accounts and infrastructure, looking for valuable data such as customer records, source code, and internal user data, which they then stole and sold on various underground forums.

In some cases, to maintain persistence in these accounts, the criminals also changed the account settings and passwords, or deployed tools to bypass password logins completely, the indictment says. Their access also allowed them to illicitly mine cryptocurrency on victims’ computers, the court documents say.

They also allegedly demanded ransom payments on occasion, publicly leaked the stolen data, and redirected traffic from the victim company’s website to a site that shows an image of a muscled man wearing all black, raising his fists in the air, with the words “Hacked by Shiny Hunters” beneath him.

“Such conduct was designed to, among other things, promote the ShinyHunter Group’s notoriety, substantiate the group’s hacking ability and the authenticity of the hacked data, and in turn to facilitate monetization, whether through sales or ransom payments,” according to the indictment. ®

Copyright for syndicated content belongs to the linked source: The Register – https://go.theregister.com/feed/www.theregister.com/2023/01/28/shinyhunters_sebastien_raoult/