Last January, several French sports federations were victims of a cyberattack. By exploiting a vulnerability in an IT service provider shared by all the organizations, the hacker was able to compromise the data of more than four million member athletes. The cybercriminal, who goes by the name TheFrenchGuy, auctioned the data on BreachForums, the hub for compromised information.
Several months later, the stolen directories resurfaced on the dark web. Zataz identified the stolen information in a "public storage space" owned by a cybercriminal. The names used to classify the data show that it is indeed information stolen from federations such as the French Boxing Federation, the French Motorsport Federation, the French Motorcycle Federation, the French Roller & Skating Federation, and the French Federation of Roller Skating. Skateboarding, the French Sports and Cultural Federation, the French Archery Federation, the French Mountaineering and Climbing Federation, and the French Strength Federation.
Recycling Compromised Data
The hacker, known as Root, posted the data on a new criminal forum on the dark web. By posting the information, he is reportedly seeking to earn reputation credits. Most hacking platforms operate on a reputation system. Users gain credibility by sharing stolen data or hacking tools. The more active and reliable a hacker is, the more credits or trust points they acquire, which then allows them to access restricted content or sell at higher prices.
According to the forum discussions viewed by Zataz, Root is a repacker. This is a hacker who is used to recycling an existing leak, which he did not orchestrate himself, and repackaging it, for example by changing the format of the data, to pass himself off as the perpetrator of the operation. This is a practice frowned upon in criminal circles, but it sometimes allows one to gain reputation on platforms. This information can serve as a starting point for phishing and identity theft attacks.
They are resurfacing on the criminal web in a context that is already particularly critical for Internet users in France, with a continuing explosion of data leaks and cyberattacks. Recently, France was affected by the leak of data from several pension funds, and the theft of tax information from millions of taxpayers.
Source: Zataz
0 Comments