Φiriki Intelligence Blog

5 Top Stories from October 2024

Notorious hacker ‘USDoD’ suspected of high-profile cyber-attacks arrested in Brazil

The Federal Police (PF) arrested a 33-year-old Brazilian hacker suspected of orchestrating cyber intrusions into the systems of the Federal Police itself, as well as various international institutions, and selling stolen data.

The investigation suggests the hacker was responsible for two major data-selling incidents in May 2020 and February 2022. While the agency didn’t name the suspect, it stated that the hacker was behind multiple high-profile data breaches, including the leak of sensitive information from InfraGard, a US Federal Bureau of Investigation (FBI) partnership with private critical infrastructure entities.

A hacker known online as USDoD aka EquationCorp took responsibility for the InfraGard data breach, claiming to have compromised and disclosed the personal details of 80,000 members associated with the program.

In addition to the InfraGard breach, the hacker is believed to have targeted major organizations such as Airbus, the United States Environmental Protection Agency (EPA), and TransUnion. The hacker was also named in US court documents in connection with the investigation into the administrator of the BreachForums hacker forum, Conor Fitzpatrick aka “Pompompurin,” where “USDoD” was cited as a seller of the InfraGard member data.

Finnish police shut down Sipulitie Dark Web marketplace

Working together with Swedish police and Europol, Finnish Customs has dismantled the Sipulitie marketplace, which had been operating on the Dark Web since 2023. The marketplace’s servers were seized and its administrator identified, along with several moderators and customer service agents who supported the platform.

The Sipulitie platform, available in both Finnish and English, allowed users to anonymously engage in illegal drug transactions. According to the marketplace’s administrator, Sipulitie had generated a turnover of €1.3 million.

Sipulitie was the successor to the earlier platform, Sipulimarket, which began operations in April 2019. The Finnish-language marketplace also facilitated illegal drug and doping substance sales. It was taken down in December 2020 through a collaboration between Finnish Customs and Polish authorities, with its revenue estimated at over €2 million.

The ongoing investigation has revealed that following the shutdown of Sipulimarket in 2020, its administrator launched Sipulitie to continue the illegal drug trade. The same individual is also suspected of running a chat-based drug marketplace called Tsätti, which was launched in 2022 and has now been closed by Finnish authorities.

Dutch police arrest two suspects linked to a massive SMS scam

Dutch police have arrested two suspects involved in a large-scale “smishing” operation, where over 150,000 SMS messages were sent posing as the Dutch tax authority. The operation reportedly netted the scammers thousands of euros daily.

Authorities identified the suspects, aged 20 and 24, after a local company filed a complaint regarding an unusual order of SIM cards made in their name by a former employee. Upon investigation, police discovered that the SIM cards were being used to send fraudulent text messages designed to trick victims into sharing personal information or making payments.

The scam messages, designed to look like official communications from the Dutch tax authority, lured victims into clicking on malicious links that led to a phishing web page where their sensitive information was harvested.

The two suspects were arrested in a house in a Utrecht neighborhood, with law enforcement officers seizing several data carriers and high-end branded clothing.

Former RAC employees receive suspended sentence for data theft

Two former employees of British automotive services company RAC have been sentenced for unlawfully copying and selling personal information, involving over 29,500 lines of sensitive data.

Debbie Okparavero and Maliha Islam, who both worked as customer service specialists at the RAC’s call center in Stretford, were handed suspended prison sentences.

The data theft was discovered after RAC installed new security monitoring software, which flagged Okparavero’s unauthorized access to personal information. The data, largely related to individuals involved in road traffic accidents, was later found to have been shared with Islam through WhatsApp messages. Investigators also uncovered that the stolen information was sold to a third party.
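The kind of check that surfaces this sort of insider copying is a volume anomaly: one agent viewing far more distinct customer records per day than colleagues doing the same job. The following is an added example written for this post, not RAC's monitoring software or any vendor product; the log format, field names, agent ids, record ids and thresholds are all assumptions, and the log itself is constructed inline.

```python
"""Per-agent record-access volume check over a constructed call-centre log.

Added example, not RAC's software or any vendor's product. Flags agents whose
daily count of distinct personal records viewed is far above their peers'.
Log layout (ISO timestamp, agent id, record id, action) is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median


def build_sample_log():
    """Constructed sample log: four agents handling normal call volume and one
    agent paging through 24 distinct accident records in half an hour."""
    lines = []
    for i, agent in enumerate(["agent01", "agent02", "agent03", "agent04"]):
        for k in range(3 + i % 2):  # 3 or 4 views each, spread over the morning
            lines.append(f"2024-02-01T09:{10 + i * 5 + k:02d}:00 {agent} RTA-{1000 + i * 10 + k} view")
    for k in range(24):  # the outlier: one record every minute over lunch
        lines.append(f"2024-02-01T12:{k:02d}:00 agent05 RTA-{2000 + k} view")
    return "\n".join(lines)


def parse_log(text):
    """Parse 'timestamp agent record action' lines into tuples; skip blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, agent, record, action = line.split()
        events.append((datetime.fromisoformat(ts), agent, record, action))
    return events


def daily_counts(events):
    """Map date -> agent -> number of distinct records viewed that day.
    Distinct records matter: re-opening one case is not bulk copying."""
    seen = defaultdict(lambda: defaultdict(set))
    for ts, agent, record, action in events:
        if action == "view":
            seen[ts.date()][agent].add(record)
    return {day: {a: len(r) for a, r in agents.items()} for day, agents in seen.items()}


def flag_outliers(counts_by_day, factor=3.0, floor=5):
    """Return {(iso_date, agent): count} for agents whose daily distinct-record
    count exceeds max(floor, factor * median of the other agents that day).
    The median of peers (excluding the agent under test) keeps a single heavy
    user from inflating the baseline that would have hidden them."""
    flagged = {}
    for day, per_agent in counts_by_day.items():
        for agent, n in per_agent.items():
            peers = [c for a, c in per_agent.items() if a != agent]
            baseline = median(peers) if peers else 0
            if n > max(floor, factor * baseline):
                flagged[(day.isoformat(), agent)] = n
    return flagged


if __name__ == "__main__":
    counts = daily_counts(parse_log(build_sample_log()))
    for (day, agent), n in sorted(flag_outliers(counts).items()):
        print(f"{day} {agent}: {n} distinct records viewed (peer median "
              f"{median([c for a, c in counts[datetime.fromisoformat(day).date()].items() if a != agent])})")
```

A volume rule alone will also catch legitimate heavy days (a backlog, a new team member shadowing), so in practice it is a trigger for review of which records were opened and whether each had a corresponding inbound call, not a verdict on its own.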

Both Okparavero and Islam were sentenced to six months in prison, though the sentences were suspended for 18 months. In addition to the suspended sentences, each was required to complete 150 hours of unpaid community service as part of their punishment.

The US disrupts Anonymous Sudan DDoS operation, indicts two Sudanese brothers

US authorities have disrupted the operations of Anonymous Sudan, a prolific hacking group known for conducting large-scale distributed denial-of-service (DDoS) attacks. Federal prosecutors announced charges against two Sudanese nationals, brothers Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, who are allegedly key figures in the group’s operation.

Anonymous Sudan, which operates under an ideologically motivated agenda, has attacked several high-profile targets across the globe, including US government agencies such as the Department of Justice, Department of Defense, FBI, and State Department, as well as technology platforms and infrastructure service providers.

The group has also targeted the Cedars-Sinai Medical Center in Los Angeles, causing disruptions and an eight-hour shutdown of the hospital’s emergency department. Anonymous Sudan’s attacks caused over $10 million in damages in the US alone, officials said. In March 2024, the US authorities took down the group’s DDoS tool named ‘DCAT’.

Ahmed Salah Yousif Omer faces one count of conspiracy to damage protected computers and three counts of damaging protected computers, which, if convicted, could result in a maximum life sentence. His brother, Alaa Salah Yusuuf Omer, faces one count of conspiracy to damage protected computers, with a possible five-year sentence if convicted.