Leader Of Hacking Group Responsible For 300 Attacks Worldwide Arrested In Spain
Read also: Microsoft takes legal action against cybercrime syndicate, the UK imposed first-ever sanctions for cyber fraud, and more.
Thursday, December 14, 2023
One of the leaders of the KelvinSecurity hacking group arrested in Spain
Spanish police have apprehended a Venezuelan citizen suspected of ties to a notorious hacker group known as KelvinSecurity, responsible for more than 300 hundred high-profile attacks on critical infrastructure entities and government institutions across 90 countries.
The group exploits software vulnerabilities to breach their targets and then proceeds to steal access credentials and exfiltrate sensitive information. The stolen data is then sold on cybercriminal forums.
The recent group’s attacks included the hack of the German Institute of Global and Area Studies, the Mexican political party Morena, the intrusion into the systems of a Chilean bank, and the breach of a multinational energy company, resulting in the theft of confidential data of more than 85,000 customers.
The police didn’t name the suspect but said he was responsible for the group’s financial operations, including money laundering via various cryptocurrency exchanges. The man was charged with multiple offenses, including involvement in a criminal organization, revealing of secrets, computer damage and money laundering.
Request your free demo now and talk to our experts.
Member of 'Clear Gods' group admits role in $28M phone upgrade fraud scheme
Delano Bush, aka “Lano” and “Duzz,” pleaded guilty to conspiracy to commit wire fraud in connection with a massive cellphone upgrade fraud scheme, which involved using stolen personal data to buy thousands of new phones on credit.
Bush was a member of the group known as “Clear Gods.” All seven members of the gang were charged by the US authorities in September 2022 for running a large-scale fraud.
Between June 2017 and September 2019, the defendant and his accomplices used stolen personal data to purchase mobile phones on credit, charging the devices to fraudulent AT&T accounts opened under the names of unsuspecting victims. Under the scheme, the culprits made over 26,000 fraudulent transactions, causing more than $28 million in losses.
Delano Bush faces a maximum penalty of 20 years imprisonment for the charge of conspiracy to commit wire fraud. In addition to the prison term, Bush will have to pay restitution to AT&T at least $1,500,000. The sentencing for Delano Bush has been scheduled for April 25, 2024.
The UK imposed first-ever sanctions for large-scale cyber fraud
The UK authorities imposed sanctions on 9 individuals and 5 entities involved in trafficking people in Asia (Cambodia, Laos and Myanmar), forcing victims to work in cyber scam call centers perpetrating fraud on a large scale.
In related news, a coordinated Interpol-led effort targeting human trafficking networks that compel victims into large-scale cyber scams resulted in the arrest of roughly 300 individuals who have been charged with multiple offenses ranging from human trafficking, passport forgery, corruption, and telecommunications fraud, to sexual exploitation.
Over five months, authorities conducted more than 270,000 inspections and police checks at 450 locations associated with human trafficking and migrant smuggling. Many of these sites were identified as focal points for trafficking victims directed to cyber scam hubs in Southeast Asia.
The victims, often enticed through fake job advertisements, endured severe physical abuse and were coerced into participating in widespread online fraud, including deceptive cryptocurrency investments, work-from-home scams, lottery fraud, and online gambling schemes. During the operation, law enforcement successfully rescued 149 human trafficking victims. Over three hundred investigations have been initiated as a result of the operation, with many still ongoing.
Money launderer for Hive ransomware gang arrested in France
French police apprehended a Russian national in Paris suspected of laundering money for the notorious Hive ransomware gang responsible for multiple high-profile attacks worldwide.
Hive operated as a Ransom-as-a-Service (RaaS) and has targeted over 1,800 victims in more than 70 countries around the globe since 2021, extorting more than $100 million in ransom payments. The group was dismantled in January 2023 as part of a joint international law enforcement operation. The alleged leader and four suspected members of Hive were arrested in Ukraine.
While the French police didn’t name the suspect, local media reported that he is aged around forty and lives in Cyprus. The police were able to identify the criminal “thanks to his activity on social networks.” The man was arrested on December 5 while he was in Paris and placed in custody.
The law enforcement authorities seized more than 570,000 euros in cryptocurrencies during searches at the suspect’s Cypriot home that he allegedly helped to steal.
Microsoft dismantled a cybercrime syndicate that created 750M fraudulent accounts
Microsoft and partners seized web sites and social media pages operated by Storm-1152, a cybercrime-as-a-service (CaaS) outfit responsible for creating for sale more than 750 million fake Microsoft accounts.
Besides fraudulent accounts, the group also sold tools that allow to bypass identity verification software across popular technology platforms. Through illicit activities the syndicate has earned millions of dollars, Microsoft said.
The seized websites include Hotmailbox.me (a marketplace for fraudulent Microsoft Outlook accounts), 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA (the last three sold bypass tools).
According to the tech giant, fraudulent Microsoft accounts were used by multiple cybercrime actors engaged in ransomware, data theft and extortion, including a financially motivated threat actor known as Scattered Spider (Octo Tempest, oktapus, UNC3944, Scatter Swine and Muddled Libra) deemed to be responsible for two high-profile attacks against MGM Casino and Caesars Entertainment.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
