The Spanish police have arrested 34 members of a cybercriminal group that is suspected to have stolen data of over four million individuals. The authorities conducted 16 searches in Madrid, Málaga, Huelva, Alicante and Murcia and seized firearms, a katana, a baseball bat, four high-end cars, 80,000 euros in cash, a database with information on four million people, and computer and electronic material valued in thousands of euros.
The gang carried out several fraudulent activities and earned about three million euros by carrying out various types of scams and reselling the stolen data to other cybercriminals. Criminal activities conducted by the group are smishing, phishing and vishing campaigns, and the ‘son in distress’ scam. The crooks impersonated delivery firms and electricity suppliers to scam the victims.
The leaders of the criminal organization used false documentation and spoofing techniques to hide their identity and invested their profits in crypto assets to launder the proceeds.
“The investigation began at the beginning of this year by specialized agents of the Central Cybercrime Unit, when they identified a criminal network that illegally accessed databases of various financial and credit entities, entering different amounts of money into client accounts from the credit institution. They then contacted those clients informing them that due to a computer error they had entered a loan and had to return it.” said the Spanish Police.
The victims received instructions on how to return the funds, they were directed to phishing sites impersonating their banks and entered sensitive data that were sent to the cyber criminals.
“As the investigation progressed, it was discovered that they also penetrated other multinational commercial databases, obtaining personal data of more than four million people who could have been used to commit their criminal actions.”
The individuals recognized as the leaders of the cybercrime ring have been already arrested and the investigation to identify other members of the group is still ongoing.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cybercriminal group)
Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for…
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS…
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.…
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report…
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization…
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers…
This website uses cookies.