Revitalizing the Cyber Crime Hub: Russian Fraudsters Fuel a Promising Future for Turkish Cybersecurity

In Turkey, cybercriminals have joined forces with newly arrived Russian émigré hackers to flood a previously inactive online marketplace with millions of recently stolen personal credentials. This represents a shift in the international nature of such fraudulent activities.

In September last year, many trained software engineers fled from Russia to Turkey following President Vladimir Putin’s order for military conscription for the war in Ukraine. Some of these engineers, according to Turkish police and security researchers, turned to low-level online scams and fraud, collaborating with established Turkish criminals to avoid detection, launder their earnings, and sell in the European market the credentials they obtained from computers worldwide.

The recent surge in cybercriminal activity has prompted an investigation by Turkish police, although these criminals use advanced online techniques, known as cloaking, to evade detection. In contrast, criminals from Russian-speaking countries tend to operate more openly due to lax enforcement by their governments.

The Turkish police, based in Antalya, a region popular among Russians, have stated that these newly formed criminal cartels are careful not to target Turks to minimize scrutiny from local authorities. However, the Turkish police have not responded to requests for comment.

One marketplace favored by these cybercriminals, known as the Underground Cloud of Logs, has recently been inundated with millions of stolen credit cards, passwords, and login credentials. This trove of information was discovered by information security specialist Osher Assor at Auren Cyber Israel. The marketplace uses sophisticated code to send freshly stolen credentials to numerous clients who subscribe to the data flows through Telegram groups.

The data is acquired using malware called Redline, which appears to bypass most antivirus software. Assor believes this malware is inadvertently downloaded by individuals who use illegal websites to play video games or who install pirated versions of popular software. The data obtained by Redline is more valuable because it includes cookies, small pieces of personally identifying data stored in people’s browsers. These allow hackers to impersonate victims online and even copy the credit cards saved for convenience in online shopping.

In screenshots of conversations with a Turkish hacker shared by Assor, hundreds of Telegram groups appear to offer access to the fresh stolen data for as little as $50 per week. Each bundle contains thousands of entries, with one screenshot showing 76 million data points collated for ease of use.

A Turkish information security specialist, who wished to remain anonymous due to the legal ambiguity around contact with hackers in Turkey, revealed that he infiltrated one of these Telegram groups by posing as a buyer. Over several months, he witnessed Russian hackers teaching their Turkish counterparts advanced code for organizing the large amounts of harvested data. The Turkish criminals utilized their contacts in Western Europe, particularly Germany, to secure better prices for well-organized data sets.

In other conversations, the specialist observed the group celebrating significant hauls, discussing methods for converting stolen cryptocurrency into Turkish lira, and even planning the purchase of real estate to obtain a Turkish passport.

According to the specialist, these individuals may not be high-profile hackers, but they are highly efficient and have mastered automation techniques, resulting in rapidly increasing output. Assor’s interactions with the group support this observation, showing professional marketing efforts and personalized guidance. In one instance, a Turkish hacker provided restaurant recommendations for Istanbul. However, when asked about his connections to the Russians, the hacker declined to provide information.

Denial of responsibility! Vigour Times is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.