Just three years ago, "ShinyHunters" was still only a jargon term reserved for insiders of the Pokémon community, the cult saga originating in Japan. But since April 2020, as noted by the cybersecurity company Intel471, a group of particularly virulent cybercriminals has taken over the expression, with objectives much darker than the hunt for little monsters: the theft and sale of data.
Targeted by an FBI investigation, the ShinyHunters may have suffered a serious judicial setback. As revealed by L'Obs, Sébastien Raoult, a 21-year-old Frenchman, was arrested on May 31 at Rabat-Salé airport in Morocco. He is the subject of an extradition request sent by the American justice system, which suspects him of being a member of the cybergang and of having thus participated in several computer hacks. According to his lawyer, Philippe Ohayon, who wants the young man to be tried in France instead, Sébastien Raoult now faces a prison sentence of 116 years across the Atlantic. That is the sum of the penalties provided for the nine counts against him.
A substantial hunting record
According to an indictment dated June 23, 2021, viewed by Le Monde, the ShinyHunters are alleged to be involved in the sale of data belonging to more than sixty companies. That represents, according to a second court document summarizing the charges against Sébastien Raoult, dated June 10, 2022, of which Le Monde also obtained a copy, damage amounting to millions of dollars. Intel471 estimates the amount more precisely at "tens of millions of dollars", given the cybercriminals' list of victims, which includes, among others, the Pixlr photo editing application, the Bonobos clothing brand, the Nitro PDF editing service, the Indonesian e-commerce site Tokopedia and Big Basket, an Indian retail company.
The ShinyHunters hackers had a well-honed method, notes the FBI. Their modus operandi was based on phishing, a technique that consists of impersonating a trusted identity to deceive a victim. The cybercriminals particularly targeted users of GitHub, a platform acquired by Microsoft in 2018 that allows developers to store and share IT projects. The targeted developers were first contacted by email, with messages that contained links to the phishing sites. These sites imitated the GitHub login portal, which allowed the attackers to obtain their victims' credentials and then seize the resources those credentials gave access to. The cybercriminals then used this initial access to try to pivot into the network of the company to which the targeted developer belonged.