Turkish Crime Family group will remotely wipe hundreds of millions of iPhones unless Apple pays ransom

Hackers belonging to the Turkish Crime Family group threaten to remotely wipe hundreds of millions of iPhones unless Apple pays a ransom.

Crooks are claiming to have over 627 millions of iCloud credentials and intend to wipe date from iPhones, iPads and Macs if the Apple does not pay $150,000 within two weeks.

Members of the group which calls itself Turkish Crime Family claim that they’ve been involved in selling databases of stolen credentials for the past few years.

“The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now. The interest for such accounts on the black market has been low due to security measures Apple has put in place in recent years, it said.” reported ComputerWorld.

The members of the group are originally from Istanbul, but now seem to be located in Green Lanes, an area in North London.

Turkish Crime Family

The situation is not so critical, changing the iCloud passwords will make ineffective the operation of the crooks. As usual, let me suggest also to enable two-factor authentication.

The hackers claim to have verified over 220 million of the credentials, they login credentials allowed them to access to iCloud accounts.

The hackers tested the login credentials using automated scripts and a large number of proxy servers to avoid being blocked by Apple.

Initially, the Turkish Crime Family crew asked Apple a $75,000 ransom in Bitcoin or Ethereum cryptocurrency. Now the group has increased its request raising the ransom value to $150,000, and the group intends to increase it further if Apple doesn’t pay in three days.

According to Motherboard, Apple will not pay the ransom, the hackers provided screenshots of alleged emails between its members and the Apple’s security team. Someone also published a video on YouTube showing how to use leaked credentials to access iCloud accounts, but the group claims that the person who shared the video is not a member of their group.

“We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it’s seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law,” reads a message allegedly sent by a member of Apple’s security team reads. (Motherboard only saw a screenshot of this message and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities.”

Apple did not immediately respond to a request for comment.

“We are doing this because we can and mainly to spread awareness for Karim Baratov and Kerem Albayrak, which both are being detained for the Yahoo hack and one of them is most probably facing heavy sentencing in America,” a representative for the group said via email. “Kerem Albayrak on the other hand is being accused of listing the database for sale online.”

At this point we have to wait April 7, this is the date when the hackers plan to launch the mass attack on iCloud accounts and wipe their contents.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – iCloud credentials, Turkish Crime Family)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next Machete espionage campaign continues to target LATAM countries »

Previous « Rogue Cellphone towers used to spread the Android Swearing Trojan

Published by

Pierluigi Paganini

Tags: Cybercrimehacking. AppleiCloud credentials

8 years ago

Canada’s second-largest airline WestJet is containing a cyberattack

Canada's airline WestJet has suffered a cyberattack that impactd access to some internal systems and…

3 hours ago

Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 49

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

5 hours ago

Breaking News

Security Affairs newsletter Round 528 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…

7 hours ago

Security

Palo Alto Networks fixed multiple privilege escalation flaws

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions.…

1 day ago

Malware

Unusual toolset used in recent Fog Ransomware attack

Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec…

1 day ago

Hacking

<gwmw style="display: none; background-color: transparent;"></gwmw>A cyberattack on United Natural Foods caused bread shortages and bare shelves<gwmw style="display: none; background-color: transparent;"></gwmw><gwmw style="display:none;"></gwmw>

Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after…

2 days ago