Polish police shut down major group of hackers in the country

Pierluigi Paganini September 25, 2020

Polish police dismantled a major group of hackers that was behind several criminal activities, including ransomware attacks and banking fraud.

Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the behest of paying customers.

The gang, composed of four suspects, is believed to be among the most active groups in the country.

“Today, the Polish authorities are announcing the arrest of 4 suspected hackers as part of a coordinated strike against cybercrime. Those arrested are believed to be among the most active cybercriminals in the country.” reads the press release published by Europol.

“This operation was carried out by the Polish Police Centre Bureau of Investigation (Centralne Biuro Śledcze Policji) under the supervision of the Regional Prosecutor’s Office in Warsaw (Prokuratura Regionalna w Warszawie), together with the cybercrime departments of provincial police headquarters and Europol.”

The arrests are the result of an investigation that began in May 2019, when the group sent a first bomb threat to a school in Łęczyca after being paid by an individual named Lukasz K.

According to local media, the hackers spoofed the email of a businessman who was a rival of the victim. As a result, the police arrested the businessman and detained him for two days in prison. Once the police understood that he had nothing to do with the attack, the man was released from jail and hired a private investigator to discover who was behind the bomb alert.

When the group of hackers discovered that the man was released, they hacked a Polish mobile operator and generated invoices for thousands of zlotys in the name of both the detective and the businessman.

The group is behind several bomb threats that targeted multiple organizations, including the Western Railway Station in Warsaw and 1,066 kindergartens across the country.

According to Europol’s press release, the gang was involved in many other criminal activities, including:

  • Malware distribution: two members of the gang were involved in the distribution of malware, such as Remote Access Tools (RAT) and mobile malware, to over 1000 people across Poland. The malware was distributed through phishing messages impersonating government institutions. According to the news site Zaufana Trzeciastrona, the hackers distributed both Windows and Android malware, including Cerberus, Anubis, Danabot, Emotet, and njRAT.
  • SIM swapping: personal data stolen with malware, including bank account credentials, was used by the hackers in SIM swapping attacks. The crooks were able to steal over €147 000 (PLN 662 000) from their victims’ bank accounts.
  • E-commerce fraud: one member of the gang was running 50 fake online shops and defrauded approximately 10,000 people.

Zaufana Trzeciastrona revealed the names of the individuals arrested by the police:

  • Kamil S., once known as Razzputin during the ToRepublic times (he now uses other pseudonyms),
  • Paweł K., operating under the pseudonym Manster_Team, who until recently played the role of a “banker”,
  • Janusz K., an IT technician and one of the most active and versatile perpetrators of most of the crimes described below,
  • Łukasz K., also an important figure in the underground world,
  • as well as Mateusz S., Radosław S., Joanna S. and Beata P.

Pierluigi Paganini

(SecurityAffairs – hacking, hackers)
