Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ShinyHunters member sentenced to three years in prison

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three years in prison and ordered him to pay more than $5 million in restitution. The member of the ShinyHunters hacker group Sebastien Raoult was sentenced in U.S. District Court in Seattle to three years in prison and more than $5 million in restitution for […]

ShinyHunters dark web

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three years in prison and ordered him to pay more than $5 million in restitution.

The member of the ShinyHunters hacker group Sebastien Raoult was sentenced in U.S. District Court in Seattle to three years in prison and more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft.

Sebastien Raoult (also known as “Seyzo Kaizen”), is a French national that has been extradited from Morocco to the United States in January 2023.

Raoult and two other co-conspirators were charged with having hacked into protected computers of corporate entities and for the theft of stolen proprietary information.

According to the indictment, Raoult was a participant in the notorious hacking group “ShinyHunters.”

The conspirators hacked into the protected computers of corporate entities and stole proprietary and corporate information.  The group advertised stolen data for sale and sometimes threatened to leak or sell stolen sensitive files if the victim did not pay a ransom.

ShinyHunters leaked the stolen data on multiple dark web forums, including RaidForums, EmpireMarket, and Exploit. According to DoJ, ShinyHunters posted sales of hacked data from more than 60 companies between April 2020 and July 2021.

ShinyHunters dark web

“For over two years, Mr. Raoult participated in extensive computer hacking that caused millions of dollars in losses to victim companies and unmeasurable additional losses to hundreds of millions of individuals whose data was sold to other criminals,” said Criminal Chief Sarah Vogel of the Western District of Washington. “Mr. Raoult’s motive was pure greed. He sold hacked data. He stole people’s cryptocurrency. He even sold his hacking tools so that he could profit while other hackers attacked additional victims.” 

Raoult and his co-conspirators created websites mimicking the login pages of legitimate businesses. Then they sent phishing emails to company employees that were designed to look like they came from legitimate businesses and included links to the fake login pages.

Once obtained the victims’ credentials, the hacker group used them to breach victims’ accounts, steal the data stored there, and search the stolen data for credentials to access additional data on companies’ networks and third-party service providers, such as cloud storage services. 

I pubblici ministeri ritengono che i cospiratori abbiano rubato centinaia di milioni di dati dei clienti e causato perdite alle aziende vittime che si stima superino i 6 milioni di dollari.

Sebastian Raoult told the court that he understood his mistakes and admitted that he regretted it.

“I understand my mistakes and I want to put that part behind me.  No more hacking.  I don’t want to disappoint my family again.” said Raoult.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)