Law enforcement agencies in Poland have shut down a hacking supergroup responsible for a wide range of cyberattacks. Crimes included banking fraud, malware infections, fake online shopping websites, ransomware attacks, and SIM swapping. The suspects even made bomb threats on behalf of paying customers. The police apprehended four suspects, with four more under investigation. Polish media reported that the attackers have been under the microscope for over a year after sending a bomb threat to a school in Łęczyca.
But the authorities said that most criminal activities involved malware distribution through email phishing attacks, scams in which hackers pose as legitimate parties, like bank employees. Their emails contain links to malicious websites or attachments of infected documents or files. If you click on them, the malware will infiltrate your device and steal your data. According to Zaufana Trzeciastrona, a local infosec news site, the hacking group distributed several types of malware, including Emotet, Cerberus, Netwire, Anubis, Danabot, and njRAT. The number of victims is likely within the thousands.
The police revealed that the attackers stole users’ sensitive data, like passwords and PIN codes, and used it to steal money from banks with vulnerable security systems. But their creativity reached top levels when banks implemented multiple authentication methods. They would use the stolen information to get fake IDs from the dark web, then trick telecom operators into moving the victim’s account to a new SIM card. Thanks to the latter, hackers can reset passwords, intercept two-factor authentication (2FA) codes, and access victims’ accounts.
Polish media reported that the hacking group managed to steal thousands of dollars on three separate occasions using this particular technique. They almost got away with a cool $2 million from one victim via this method, if it weren’t for one vigilant bank employee. The hackers had swapped the victim’s phone number thanks to another fake-ID-bought SIM card, so they managed to intercept the bank’s phone call to confirm the transaction. But the employee did not recognize the regular customer’s voice and cancelled the deal.
Furthermore, the police said that the cybercriminals operated more than 50 fraudulent online stores, duping over 10,000 customers into buying products that don’t exist.
Bomb Threats
The cybercrime supergroup did not just stick to regular attacking methods like malware and phishing. They were also paid to send bomb threats. Lukasz K. was one of those customers. He found the hackers on Internet forums and paid them to send a bomb threat to a school in Łęczyca, making it appear as if his business rival was responsible. The framed man was arrested and spent two nights in prison before the police figured out he was innocent. After they released him, the man hired a private investigator to track down those who tried to falsely incriminate him. When the attackers discovered that someone was on their trail, they hacked a mobile operator and produced invoices worth thousands of zlotys (Polish currency) in the name of the detective and the framed businessman.
That wasn’t the only educational institution linked with the hackers. According to media reports, they made 1,066 bomb threats to kindergartens across Poland. This resulted in the evacuation of 10,536 people from 275 kindergartens.
The authorities also revealed that the perpetrators charged 5,000 zlotys (approximately $1,300) in payment for each fake threat. The gang was also linked with the attacking threat on the Western Railway Station in Poland’s capital, Warsaw.
Cyberattacks are increasing at a dangerous rate, meaning online security and privacy tools like VPNs are now crucial. TheVPN.Guru offers the latest VPN reviews and tips, in addition to valuable how-to guides.
