Today, the Polish authorities are announcing the arrest of 4 suspected hackers as part of a coordinated strike against cybercrime. Those arrested are believed to be among the most active cybercriminals in the country.
This operation was carried out by the Polish Police Central Bureau of Investigation (Centralne Biuro Śledcze Policji) under the supervision of the Regional Prosecutor’s Office in Warsaw (Prokuratura Regionalna w Warszawie), together with the cybercrime departments of provincial police headquarters and Europol.
These 4 suspects are believed to be involved in a wide variety of cybercrimes, including:
- Malware distribution: investigators established that two of the suspects were involved in the distribution of malware, such as Remote Access Tools (RATs) and mobile malware. The malware was distributed through phishing emails impersonating government institutions. Over 1 000 people across Poland are believed to have fallen victim to this particular scam.
- SIM swapping: the criminals stole personal data, including bank account credentials, from victims’ computers and phones previously infected with malware. They would then use the stolen data to dupe the victims’ mobile phone operators into porting the victims’ phone numbers to other SIM cards in the criminals’ possession. From that moment on, the criminals would receive all incoming calls and text messages, including one-time banking passwords, which they used to transfer money out of the victims’ bank accounts into the accounts of money mules or to cryptocurrency exchange platforms. Using this technique, the criminals were able to steal over €147 000 (PLN 662 000) from their victims’ bank accounts.
- E-commerce fraud: one of the criminals under investigation was also running 50 fake online shops and is believed to have defrauded approximately 10 000 people. A number of these fake e-commerce websites were also used to distribute malware.
Two of those arrested were also behind a series of bomb threats sent to kindergartens across the country, prompting the evacuation of 13 350 people.
Europol’s European Cybercrime Centre (EC3) supported the Polish authorities with operational analysis in order to identify the main targets and inform the overall strategy.