Polish Hacker Group Busted for Extortion, SIM Swapping, and Fake Bomb Threats

Polish law enforcement has announced the takedown of a hacker group involved in a wide range of illegal activities, including extortion attacks, malware distribution, bank fraud, SIM swapping, fake online stores, and even sending false bomb threats on behalf of clients.

Arrests and Suspects

Four suspects have been arrested so far:

  • Kamil S., also known as Razzputin, a participant in many Russian-language hacker forums including Exploit and Cebulka;
  • Pawel K., known as Manster_Team, mainly involved in banking crimes;
  • Janusz K., implicated in most of the group’s crimes;
  • Lukasz K., reportedly a prominent figure in the criminal world.

Another four suspects are under investigation, identified in court documents as Mateusz S., Radoslaw S., Joanna S., and Beata P.

Fake Bomb Threats and Their Consequences

According to Polish media, authorities became interested in the group’s activities in the summer of 2019, when the hackers first sent a bomb threat to a school in the city of Leczyca. Investigators claim that Lukasz K. found and hired hackers online to send the bomb threat email, making it appear as if it had been sent by a competing business partner of the school.

The man whose identity was forged in the hackers’ email was arrested and spent two days in jail before police realized what had happened. After his release, he hired a private detective to track down the real perpetrators behind the fake bomb threat.

Investigators say that when the hackers realized they were being pursued, they hacked a Polish mobile operator and retaliated by issuing bills for several thousand zlotys in the names of both the detective and the businessman.

The group didn’t stop at just one bomb threat. They are linked to other fake bomb threats, including one at Warsaw’s West Railway Station. The most notorious incident occurred on June 26 and 27, 2019, when the hackers were hired to send bomb threats to 1,066 kindergartens across Poland. According to Polish TV channel TVN24, the evacuation affected 10,536 people in 275 kindergartens nationwide.

Authorities report that the hackers charged 5,000 zlotys (about $1,200) for each fake bomb threat.

Other Criminal Activities

Sending bomb threats was far from the group’s only source of income. The investigation soon revealed a long trail of other crimes. Most often, the group distributed malware through phishing emails. Polish news site Otopress reports that the hackers were linked to at least 87 different domains used to spread malware. The malware targeted both Windows and Android devices, including well-known threats like Cerberus, Anubis, Danabot, Netwire, Emotet, and njRAT. Authorities estimate the group’s total number of victims to be in the thousands.

The hackers stole personal data from infected users, which was then used to steal money from banks with weak security systems. Even when banks had multi-factor authentication, the hackers adapted. They used stolen information to order fake documents on the dark web, then used those documents to trick mobile operators into issuing replacement SIM cards for victims—a tactic known as SIM swapping.

For example, by pretending to be the real owner of a phone number, a scammer would claim the SIM card was lost or broken and request a new one. This allowed them to hijack accounts linked to the phone number, effectively stealing the victim’s identity. Such attacks are often used to steal large amounts of cryptocurrency, drain bank accounts (by intercepting 2FA codes), and even take over valuable Instagram accounts. Notably, this method was used last year to hack the Twitter account of Twitter’s CEO and nearly compromise the crypto platform BlockFi.

Polish media report that through SIM swapping, the group managed to steal 199,000, 220,000, and 243,000 zlotys (about $50,000, $55,000, and $60,000) in three separate incidents. In another case, they attempted to steal 7,900,000 zlotys (about $1.95 million) from a single person, but bank employees became suspicious and called the victim’s phone number to confirm the transaction. Since the SIM card had already been swapped, the call went to the hackers, but the bank employee did not recognize the voice and blocked the transaction.

Fake Online Stores

In addition to the above, the group also ran another “business”: they created about 50 fake online stores selling non-existent goods, scamming more than 10,000 buyers.
