Russia arrests third hacking group, seizes carding forums

Russia arrested six people today who are allegedly part of a hacking group involved in the theft and sale of credit cards.

Russian media reports that the arrests come at the request of investigators from the Ministry of Internal Affairs of the Russian Federation.

“The Tverskoy Court of Moscow received petitions from the investigation to select a measure of restraint in the form of detention against six people suspected of committing a crime under part 2 of article 187 of the Criminal Code of the Russian Federation (“Illegal circulation of means of payment”),” said press court clerk Ksenia Rozina in a statement to TASS Russian News Agency.

Article 187 of “The Criminal Code Of The Russian Federation” relates to “The making of counterfeit credit or debit cards, and also of other payment documents, which are not securities, with the purpose of their utterance or their sale”.

While Russian law enforcement has not said which hacking groups the individuals were allegedly affiliated with, Russia also seized the websites for Sky-Fraud and Ferum today, two Russian carding forums/marketplaces devoted to the theft and sale of credit cards.

Both sites now display seizure notices claiming to be from Management “K” of the BSTM of the Ministry of Internal Affairs of Russia.

Sky-Fraud seizure message by Russian law enforcement

The seizure message, as translated into English by Google Translate, reads:

THIS RESOURCE IS BLOCKED

The SKYFRAUD resource was closed forever during a special law enforcement operation.

Management “K” of the BSTM of the Ministry of Internal Affairs of Russia warns: theft of funds from bank cards is illegal!

Art. 187 of the Criminal Code of the Russian Federation: Production, acquisition, storage, transportation for the purpose of use or sale, as well as the sale of counterfeit payment cards, money transfer orders, documents or means of payment, as well as electronic means, electronic media, technical devices, computer programs, intended for illegal acceptance, issuance, transfer of funds.

Punishable by imprisonment for up to seven years.

Security researcher Soufiane Tahiri discovered that Russian law enforcement also left a hidden message for other Russian hackers in the source code of the sky-fraud.ru seizure notice, saying “КТО ИЗ ВАС СЛЕДУЮЩИЙ?”

Translated into English, this warning says, “WHICH OF YOU IS NEXT?”

Hidden warning message left by Russian law enforcement
Source: BleepingComputer

These arrests mark the third hacking group arrested by Russian authorities since the beginning of 2022.

In January, Russia seized $6 million and arrested fourteen individuals associated with REvil, a notorious ransomware operation responsible for numerous cyberattacks worldwide.

At the end of the month, Russia also arrested the leader of the Infraud Organization, a hacking group that caused more than $560 million in losses to businesses worldwide.

This stream of arrests by Russia is unusual as the country does not have a history of cooperating in the crackdown on cybercrime operating within its borders.

However, after DarkSide’s ransomware attack on Colonial Pipeline and REvil’s attack on Kaseya, the White House and Russian representatives have been working to increase cooperation to stem the rising tide of hacking activities originating from Russia.

H/T Dmitry Smilyanets