European law enforcement authorities said they have arrested five individuals in Poland believed to be members of a hacking group known as InfinityBlack, which was involved in the distribution of stolen user credentials, malware and hacking tools, as well as fraudulent activities.
InfinityBlack was a website where hackers could buy access to stolen user credentials. The credentials were sold as so-called “combo lists,” which include many username and password combinations that could be used for credential stuffing attacks.
The group was organized into three teams focused on different tasks. The development group created tools to test the quality of the stolen databases, testers analyzed the suitability of authorization data, and project managers then distributed subscriptions in exchange for cryptocurrency payments.
“The hacking group’s main source of revenue came from stealing loyalty scheme login credentials and selling them on to other, less technical criminal gangs. These gangs would then exchange the loyalty points for expensive electronic devices,” Europol said.
The hackers also created a sophisticated script that allowed them to gain access to a large number of Swiss customer accounts. Although the losses are estimated at €50,000, the hackers had access to accounts with potential losses of more than €610,000, Europol said.
Five suspects were arrested in Poland on April 29 after the Polish National Police searched six locations and seized equipment (electronic equipment, external hard drives and hardware cryptocurrency wallets) worth approximately €100,000. Police have also shut down two platforms hosting databases with more than 170 million entries.