Europol reported that last week, Polish and Swiss law enforcement authorities arrested five Polish hackers from the Infinity Black group. The group specialized in selling stolen credentials and hacking tools.
According to law enforcement, the group had existed since the end of 2018 and was known mainly for running the site Infinity(.)Black, where dumps of various credentials were sold. These "collections" were created by aggregating usernames and passwords that had leaked to the public during various incidents.
ZDNet, citing its own sources in the information security community, writes that the group had its own Discord channels, shops on the e-commerce platform Shoppy.gg, and a number of "official" threads on several hacker forums. On these channels and forums, Infinity Black members actively advertised their dump site, as well as various hacking tools and scripts for conducting credential stuffing attacks.
It is also reported that members of Infinity Black used such tools themselves. Let me remind you that the term credential stuffing usually refers to situations where usernames and passwords are stolen from some sites and then used against others. That is, the attackers have a ready-made database of credentials (purchased on the darknet, collected independently, and so on) and try to use this data to log in to other sites and services under the guise of their victims. This is how Infinity Black used its "collections" of credentials.
According to Europol, the group mainly attacked online services that operate loyalty programs. Using credential stuffing attacks, Infinity Black members gained access to accounts on these services and then sold them to other hackers, who later exchanged other people's loyalty points for expensive electronic devices.
The Swiss authorities are also investigating the activities of the group, since Infinity Black gained access to a large number of accounts owned by Swiss users, and then sold access to them to other attackers, which led to financial losses among Swiss citizens.
“Although losses (of users) are estimated at 50,000 euros, hackers had access to accounts (the operation of which could entail) possible losses in the amount of 610,000 euros,” says Europol. “Fraudsters and hackers, including minors, were exposed when they used stolen data in stores in Switzerland.”
It is reported that during the arrests and searches of the suspects' homes, the Polish police seized electronic equipment, external hard drives and cryptocurrency hardware wallets worth a total of about 100,000 euros.
Police also confiscated two online platforms with databases that contained more than 170 million stolen credentials. It is believed that one of them was DataSense(.)Pw. The original Infinity Black site is not among them: it stopped working last year, when it was shut down by the members of the group themselves.
Apparently, the leader of the hacking group, known as Azatej, was also arrested. Azatej's absence was noticed almost immediately by users of the hacking forums where Azatej was a regular visitor and advertised hacking tools. Other Infinity Black members include people known as Macien, TheN3RoX, and Kay, but it is hard to say which of them were detained by the authorities.