Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail

An alleged member of the ShinyHunters cybercrime gang has been extradited from Morocco to the United States.

Sebastien Raoult, a French national who is suspected of being a member of ShinyHunters cybercrime gang known as “Seyzo Kaizen,” has been extradited from Morocco to the United States.

The 22-year-old man was arrested in Morocco at Rabat international airport in Morocco on May 31, 2022, while trying to take a flight to Brussels.

Raoult and two other co-conspirators are charged with having hacked into protected computers of corporate entities and for the theft of stolen proprietary information. 

“According to the indictment, Raoult was a participant in a hacking group that dubbed itself the “ShinyHunters.”  The conspirators allegedly hacked into protected computers of corporate entities for the theft of proprietary and corporate information.  The group advertised sensitive stolen data for sale and sometimes threatened to leak or sell stolen sensitive files if the victim did not pay a ransom.” reads the press release published by DoJ. “Since early 2020, ShinyHunters Group has marketed and promoted data stolen from more than 60 companies in Washington State and elsewhere around the world.”

The group offered the stolen data for sale and sometimes threatened to leak it if the victim did not pay a ransom.

It has been estimated that since early 2020, the ShinyHunters group has targeted more than 60 companies worldwide (including Tokopedia, Homechef, Chatbooks.com, Microsoft, AT&T, and Minted).

The indictment also charges 23-year-old Gabriel Kimiaie-Asadi Bildstein aka “Kuroi” and “Gnostic Players,” of Tarbes, France, and 22-year-old Abdel-Hakim El Ahmadi aka “Zac” and “Jordan Keso” of Lyon, France.

If convicted, Raoult could face up to 116 years in prison. The defendant’s lawyer, Philip Ohayon has commented on the extradition to the US saying that “France has abandoned him.”

“The conspiracy to commit computer fraud and abuse charge is punishable by a maximum of ten years in prison.  The conspiracy to commit wire fraud count is punishable by a maximum of 27 years in prison.  Wire fraud is punishable by a maximum of 20 years in prison.” concludes the Press Release. “Aggravated identity theft is punishable by a mandatory minimum two-year prison term to follow any other prison sentence imposed in the case.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]