The InfinityBlack hacking group has been dismantled following an operation by law enforcement agencies in Switzerland and Poland. The group sold millions of stolen credentials and hacking tools on hacking forums, and also conducted its own attacks. The group's activity resulted in losses of hundreds of millions of euros.
The hacking group, believed to have been formed in 2018, operated the infinity.black website which was used to sell credentials that had been leaked in past data breaches. The main source of income for the group was selling credentials for loyalty programs. The credentials were used by other cybercriminals who exchanged the points for electronic devices.
An investigation into the group was launched by Swiss law enforcement following a major attack that gave the hackers access to a large number of Swiss accounts. Around €50,000 in losses were sustained as a result of the attack, but the credentials were then used to access other accounts and the total losses are believed to be €610,000.
According to Europol, the network responsible for cashing out the stolen points was identified in Switzerland when some of the individuals involved attempted to use the stolen data in Swiss shops. Swiss law enforcement worked closely with law enforcement in Poland and, after exchanging data, the hackers behind the operation were located. Europol and Eurojust were brought in to help with taking down the gang and five arrests were made in Poland on April 29, 2020.
The residences of those individuals were searched and Polish police seized electronic equipment, hardware cryptocurrency wallets, and external hard drives worth around €100,000. Two databases containing more than 170 million credentials were also seized.
According to Europol, the hacking group consisted of three subgroups: developers who created tools to determine the quality of stolen databases, a team of testers who analyzed stolen data, and managers who distributed subscriptions for cryptocurrency payments.
The names of the individuals arrested in the operation have not been released, but one is believed to be the leader of the group, Azatej, who has not been online since the arrests were made.