A key member of the ShinyHunters cybercrime group is facing three years in the slammer and being forced to return $5 million in criminal proceeds.
Sebastien Raoult, 22, was in charge of developing websites for ShinyHunters that mimicked the real login pages of major brands.
The group would send phishing emails to employees directing them to the fake sites Raoult made, which then harvested the credentials victims entered.
From there, the group would break into victims' accounts to steal sensitive, personal, and financial data, before selling it on various dark web marketplaces and cybercrime forums.
In some cases, ShinyHunters would also demand a ransom payment from the owner of the stolen data, threatening to leak it if a payment wasn't made.
The stolen data would be searched for additional credentials that granted access to additional data held on companies' networks and third-party services such as cloud storage providers.
The French national worked for ShinyHunters for more than two years, according to the US Attorney's Office for the Western District of Washington.
According to estimates, the large volume of sales during this period netted the group more than $6 million.
More than 60 companies are thought to have been breached by the gang.
While they haven't received official props for the attacks, ShinyHunters has laid claim to quite a few high-profile incidents including AT&T Wireless and Microsoft.
Raoult told the court he understood the significance of his crimes and promised to give up cybercrime, saying he didn't want to further disappoint his family.
Raoult was extradited to the US in late December 2022 after he was arrested in Morocco earlier that year.
France declined to extradite him back, so the US was ultimately able to agree to extradition with Morocco.
The three-year sentence is broken down into 12 months for the conspiracy to commit wire fraud charge and 24 months for the aggravated identity theft charge, with credit for the time Raoult served while jailed in Morocco, according to court documents [PDF].
He will be under supervised release for a further 36 months after his sentence is served.
Also included on the original indictment [PDF] were Gabriel Kimiaie-Asadi Bildstein, 23, of Tarbes, France, and Abdel-Hakim El Ahmadi, 23, of Lyon, France, though they have yet to be sentenced.
This Cyber News was published on go.theregister.com. Publication date: Wed, 10 Jan 2024 16:28:04 +0000