Ukraine's Secret Service Busts 5 Alleged 'Phoenix' Hackers

Alleged Phoenix Cybercrime Group Suspects Charged With Selling Hacking As A Service
A raid by Ukraine Secret Service agents on a business allegedly run by the Phoenix cybercrime group (Photo: SSU)

The Secret Service of Ukraine has arrested five Ukrainian citizens on suspicion of being members of an international hacking group called Phoenix. All have been charged with targeting hundreds of victims over the past two years, including accessing their mobile devices, stealing personal data and selling hacking as a service to others, the SSU says.

All five suspects were arrested during raids conducted by the SSU in five locations - including homes, offices and technical centers disguised as mobile phone shops - in the Ukrainian cities of Kyiv and Kharkiv, the SSU says. The date of the raids has not been disclosed.

Searches of the premises led to the recovery of hardware and software that the SSU says was used for malicious activities. Agents also recovered several stolen and lost Apple mobile phones that had been unlocked and had their data exfiltrated, and which were being offered for sale via a network of stores operated by the gang, the SSU says.

Allegedly stolen Apple phones recovered during the raids (Source: SSU)

The SSU did not immediately respond to Information Security Media Group's request for comment about whether the allegedly stolen devices being offered for sale might have been subverted, for example, by implanting them with malware designed to steal the new owners' information.

Alleged Phishing Activity

The suspects allegedly also ran phishing sites, disguised as sites for popular mobile phone manufacturers such as Apple and Samsung, to lure fresh victims, authorities say. In some cases, this helped them gain access to victims' devices remotely, the SSU says.

In such cases, attackers would record victims' login credentials for their devices, then steal the data being stored, including financial information, to enable them to drain funds from financial accounts tied to the device and its apps, the SSU says. "The data obtained in this way enabled the thieves to withdraw funds from accounts and sell information about victims' private lives to third parties," it adds.

List of Charges

Apart from selling stolen data, the suspects allegedly also pursued another scheme for monetary gains: mobile hacking-as-a-service.

Based on chats discovered on suspects' own mobile devices seized by agents in their raids, the SSU says suspects also offered to hack mobile devices, as a service, to other criminals, charging $200 per mobile phone account on average.

An alleged chat between a suspect and their mobile hacking-as-a-service client. (Source: SSU)

Based on its preliminary investigation, the SSU has filed charges against the detained suspects under Article 361 of the criminal code of the Republic of Ukraine, which prohibits the "willful interference with the operation of computers, computer systems and networks."

Article 361 states that in the case of a crime being committed by a group of individuals as part of a conspiracy, all face "restraint of liberty" for up to five years, or a prison term of three to five years.

Security experts say the arrests will send a message to other criminals present and future. "Arresting and charging criminals is perhaps one of the biggest deterrents to up-and-coming, would-be cyber criminals," Javvad Malik, security awareness advocate at KnowBe4, tells Information Security Media Group. "However, as the world moves more and more rapidly with its digital dependency, it is likely we will see law enforcement having to devote more resources to cybercrime in the future."

Complicated Law Enforcement Picture

The law enforcement picture in Ukraine, furthermore, remains complicated, not least following the annexation of Crimea by Russia, and Russian-supported separatists controlling parts of the eastern region of the country, which experts say has created space for criminal activity with de facto Russian protection.

Corruption remains another problem, with Ukraine ranking 117 out of 180 countries - with 1 being least corrupt, and 180 most corrupt - on Transparency International's Corruption Perceptions Index.

Historically, such corruption has helped provide cover for all sorts of criminal operations, typically in exchange for a cut of any proceeds, says Alan Calder, CEO at GRC International Group. "Unfortunately, it seems apparent that there are cybercriminals working in collusion with governments that give them 'shelter', and as long as the criminals behave as their protectors wish, they will be largely immune from prosecution in other jurisdictions."

Protection for criminals can also provide cover for reprisals, he says. "The exposure of criminal networks is always useful, because the more the world is aware of what is going on, the more likely it is to take heed and appropriate defensive action," Calder says. "Frustratingly, however, there will always be a likelihood of a criminal counter-attack on law enforcement agencies who try to expose and prevent the criminals, because we need to remember after all, these are criminals with significant resources and with nation-state protection."

About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.
