Sebastien Raoult, a 22-year-old from France, has pleaded responsible within the U.S. District Court docket of Seattle to conspiracy to commit wire fraud and aggravated identification theft as a part of his actions within the ShinyHunters hacking group.
Raoult, also called ‘Sezyo Kaizen,’ was apprehended final 12 months in Morocco for being suspected of being a co-conspirator of the infamous knowledge dealer and hacking group and was extradited to the U.S. in January 2023.
In line with the plea settlement, Raoult and his co-conspirators hacked into computer systems to steal company and buyer knowledge. They then offered it beneath the ShinyHunters alias on numerous boards, marketplaces, and Telegram channels.
The estimated injury attributable to this exercise exceeds $6,000,000, in keeping with the U.S. DoJ announcement, whereas the variety of data stolen is measured within the lots of of thousands and thousands.
“Raoult and his co-conspirators hacked into protected computer systems of company entities for the theft of confidential data and buyer data, together with personally identifiable data and monetary data,” reads the U.S. DoJ announcement.
“After Raoult and his co-conspirators hacked corporations, a consumer going by the identify ShinyHunters posted hacked knowledge from a lot of these corporations on the market on darkish internet boards, together with RaidForums, EmpireMarket, and Exploit.”
Between April 2020 and July 2021, the ShinyHunters group posted stolen datasets from over sixty corporations.
“An organization’s stolen knowledge sometimes offered for hundreds of {dollars}, and Shiny Hunters generally offered the identical firm’s knowledge a number of occasions,” reads Raoult’s plea settlement.
“For instance, ShinyHunters offered the info from Sufferer-4 for $5,000, 13 completely different occasions, for a complete of $65,000
Supply: BleepingComputer
In lots of instances, ShunyHunters extorted the breached companies, demanding a ransom fee to not publicly leak the stolen data.
“Shiny Hunters additionally demanded ransoms from some victims and succeeded in acquiring ransoms as massive as $425,000,” continued the plea settlement.
“When the co conspirators breached corporations’ cloud computing suppliers, they generally used them to generate revenue by cryptomining, whereas the cloud supplier billed the usage of computing energy to the sufferer corporations.”
Raoult and his co-conspirators employed a variety of ways to breach corporations, together with creating phishing websites that mimicked login pages for reliable platforms and companies.
As soon as the hackers stole legitimate account credentials, they used them to log in to the focused community to manually steal all knowledge that may very well be accessed from the compromised account.
Subsequent, the menace actors scrutinized the stolen knowledge for the existence of further account credentials which may assist them additional entry the breached firm’s networks, their cloud storage, or any of their third-party service suppliers.
After they may not promote stolen knowledge or it misplaced its worth, the menace actors generally distributed the info free of charge on hacker boards to realize popularity within the hacking neighborhood.
Raoult now faces a punishment of as much as 27 years in jail for conspiracy to commit wire fraud, plus at the least one other two years of jail time period for aggravated identification theft.