Polish authorities have arrested a group of hackers involved in ransomware attacks, bomb threats, SIM swapping, malware distribution, bank fraud, fake online stores and many other malicious activities.
Police arrested four members of the group this week, and four more suspects are under investigation.
Polish media report that police have been investigating these hackers since May 2019, when the group threatened a school in the city of zyczyca with a bomb.
Investigators say a man named Lukasz K. found the hackers on forums and hired them to send a bomb threat to a local school. The e-mail sent by the hackers appeared to come from a rival businessman.
The man whose identity was forged in the e-mail was arrested and spent two days in jail before police found out what had really happened. When the businessman was released, he hired a famous private investigator to identify the culprits who had tried to frame him.
When the hacking team realized that an investigation was under way, they breached a Polish mobile phone company and created invoices for thousands of zlotys (the Polish currency) in the names of both the detective and the businessman.
Bomb threats in 1,066 kindergartens
The hackers have also been linked to other bomb threats, at the West Railway Station in Warsaw, the capital of Poland.
They have likewise been linked to bomb threats against 1,066 kindergartens across Poland on 26 and 27 June 2019. A total of 10,536 people were evacuated from 275 kindergartens after they received emails about a bomb.
According to investigators, the hackers demanded 5,000 zlotys ($1,300) for every fake bomb threat they sent.
Ransomware, information-stealing RATs, SIM swapping
The hackers, however, were not only concerned with bomb threats. Police found that the group was active in many areas. In most cases, the hackers distributed malware via phishing attacks. The group is said to be linked to 87 different domains used to distribute malware. The hackers targeted both Windows and Android devices, with malware such as Cerberus, Anubis, Danabot, Netwire, Emotet and njRAT. Authorities believe the hackers targeted thousands of victims.
The hackers could steal personal information and use it to steal money from banks with weak security.
Otherwise, they could use the stolen information to order fake identities from the dark web and use them to trick mobile providers into transferring the victim's account to a new SIM card.
Using this SIM card, the intruders could reset passwords for the victim's online accounts or bypass two-factor authentication (2FA) to steal money.
According to the Polish media, the hackers managed to steal 199,000, 220,000 and 243,000 zlotys ($50,000, $56,000 and $62,000) in three different attacks using this technique.
In addition, the hackers tried to steal 7.9 million zlotys ($2 million) from a victim, but this attempt was stopped when the bank called the victim to confirm the transaction. The hackers had carried out a SIM swap, but the bank employee realized that the voice he heard did not belong to his client, so he did not proceed with the transaction.
Creating fake online stores
Police said the hackers set up 50 fake online stores and sold products that did not actually exist. The criminals managed to deceive more than 10,000 buyers.
According to ZDNet, the people arrested are:
- Kamil S., also known as “Razzputin”. He is a member of many Russian-speaking hacking forums, such as Exploit and Cebulka
- Pawel K., also known as “Manster_Team”. He has been mainly involved in bank fraud
- Lukasz K., who is well known on the dark web and in underground forums
- Janusz K., who has been involved in most of the group's crimes
According to ZDNet, authorities are investigating four more suspects (Mateusz S., Radosław S., Joanna S. and Beata P.) for their possible relationship with the hacking team.
Europol has also been involved in the investigation and published a press release which says the hackers have likely targeted victims outside Poland as well.