GoKawiilAuthorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks.
The operation was carried out by the Polish Cybercrime Bureau (CBZC) with support from the FBI and Homeland Security Investigations (HSI) in the United States.
According to investigators, the suspects carried out sophisticated cyberattacks to obtain data used in SIM-swapping attacks.
They hijacked victims' phone numbers, intercepted SMS messages and email communications, and ultimately gained control of accounts at cryptocurrency exchanges.
It is estimated that millions of U.S. dollars have been stolen this way and then laundered "via a distributed financial network."
“Using specialized software and social engineering, the perpetrators gained unauthorized access to the infrastructure of entities cooperating with telecommunications operators and employee email accounts,” reads CBZC’s announcement (automated translation).
“The data obtained in this way enabled so-called SIM swap attacks, which involve the illegal cloning and takeover of victims' phone numbers.”
Polish authorities comment that the actors treated these activities as “a regular source of income,” using multiple bank accounts across various countries and digital wallets to transfer the stolen funds.
“It is estimated that the total value of the funds laundered in this manner exceeds several tens of millions of Polish złoty,” mentions CBZC, which would translate into at least $5 million based on the current exchange rate.
The four arrested individuals, who have all been placed in pre-trial detention, now face offenses of participation in an organized criminal group, hacking into IT systems to commit theft, and money laundering.
... continue reading