Thursday, June 13, 2024

Spain Arrests 34 Cybercriminals Who Stole Data of 4 Million People

Law enforcement officials have successfully apprehended a notorious criminal organization responsible for perpetrating computer scams and stealing sensitive data belonging to more than four million individuals.

Law enforcement officials arrested a criminal organization consisting of 34 cybercriminals. During the operation, authorities conducted 16 searches in various towns and seized several items, including two simulated firearms, a katana, a basketball, 80,000 euros in cash, four high-end vehicles, a database containing information on 4 million individuals, a computer, and electronic equipment worth thousands of euros.

Close to €3 million was illegally obtained by the group through various fraudulent means such as smishing, phishing, vishing, the son-in-distress scam, manipulation of technology company delivery notes, and pretending to be employees of an electricity supply company while engaging in vishing campaigns.

Spoofing Techniques

Smishing: Smishing is a text message tricking recipients into clicking a link or sending private information to an attacker.

Phishing: Phishing is a social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware.

Vishing: Vishing is a phone scam to steal confidential information from individuals or organizations.

Cryptocurrency assets were purchased by the leaders of the network using their profits. They also created fake documentation and used spoofing techniques to conceal their identities.

A specialized agent from the Central Cybercrime Unit conducted an investigation and discovered a criminal network that had unlawfully accessed the databases of several financial and credit institutions.

The network had deposited varying sums of money from the credit institution into their customers’ accounts.

Various banks’ identities were impersonated in vishing campaigns, while electricity supply companies’ identities were used in phishing campaigns, along with the ‘son in distress’ scam. The information was utilized for these purposes.

The organization’s fraudulent scheme consisted of rerouting the products obtained from suppliers towards the organization itself, effectively sidestepping the intended recipient company that had purchased the computer and electronic goods.

The main leaders of the network have been arrested, and over 1,000 complaints have been resolved, with the possibility of identifying more perpetrators and victims.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


Latest articles

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...

Firefox 127 Released With patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles