Sebastien Raoult, a 22-year-old from France, has pleaded responsible within the U.S. District Court docket of Seattle to conspiracy to commit wire fraud and aggravated id theft as a part of his actions within the ShinyHunters hacking group.

Raoult, often known as ‘Sezyo Kaizen,’ was apprehended final yr in Morocco for being suspected of being a co-conspirator of the infamous knowledge dealer and hacking group and was extradited to the U.S. in January 2023.

In accordance with the plea settlement, Raoult and his co-conspirators hacked into computer systems to steal company and buyer knowledge. They then bought it below the ShinyHunters alias on varied boards, marketplaces, and Telegram channels.

The estimated injury brought on by this exercise exceeds $6,000,000, in keeping with the U.S. DoJ announcement, whereas the variety of information stolen is measured within the a whole bunch of hundreds of thousands.

“Raoult and his co-conspirators hacked into protected computer systems of company entities for the theft of confidential info and buyer information, together with personally identifiable info and monetary info,” reads the U.S. DoJ announcement.

“After Raoult and his co-conspirators hacked firms, a consumer going by the identify ShinyHunters posted hacked knowledge from a lot of these firms on the market on darkish net boards, together with RaidForums, EmpireMarket, and Exploit.”

Between April 2020 and July 2021, the ShinyHunters group posted stolen datasets from over sixty firms.

“An organization’s stolen knowledge sometimes bought for hundreds of {dollars}, and Shiny Hunters generally bought the identical firm’s knowledge a number of instances,” reads Raoult’s plea settlement.

“For instance, ShinyHunters bought the information from Sufferer-4 for $5,000, 13 totally different instances, for a complete of $65,000

In lots of circumstances, ShunyHunters extorted the breached companies, demanding a ransom fee to not publicly leak the stolen info.

“Shiny Hunters additionally demanded ransoms from some victims and succeeded in acquiring ransoms as giant as $425,000,” continued the plea settlement. 

“When the co conspirators breached firms’ cloud computing suppliers, they generally used them to generate revenue by cryptomining, whereas the cloud supplier billed using computing energy to the sufferer firms.”

Raoult and his co-conspirators employed a variety of ways to breach firms, together with creating phishing websites that mimicked login pages for reputable platforms and companies.

As soon as the hackers stole legitimate account credentials, they used them to log in to the focused community to manually steal all knowledge that could possibly be accessed from the compromised account.

Subsequent, the risk actors scrutinized the stolen knowledge for the existence of further account credentials that may assist them additional entry the breached firm’s networks, their cloud storage, or any of their third-party service suppliers.

After they might now not promote stolen knowledge or it misplaced its worth, the risk actors generally distributed the information totally free on hacker boards to achieve repute within the hacking group.

Raoult now faces a punishment of as much as 27 years in jail for conspiracy to commit wire fraud, plus not less than one other two years of jail time period for aggravated id theft.