blackhat

Hmei7

Biography: 

Hmei7 is an Indonesian blackhat and defacer who orchestrated a series of attacks on June 4, 2014, on entities associated with ESET, a cybersecurity firm, in Spain and Slovakia. The targets were Certification ESET Spain, ESET, ESET Security, and ESET's Spain domain.

Hmei7's activity extended beyond ESET to AVG. That breach, which took place on January 15, 2014, involved a coordinated effort by hackers based in Indonesia and Pakistan. Hmei7 infiltrated 11 domains linked to AVG's downloads, renewal, free trial, education solutions, jobs, and testing. Simultaneously, SultanHaikal, also from Indonesia, targeted AVG distributors in Argentina, Bolivia, Chile, and Uruguay, compromising 8 websites. A Pakistani hacker known as DR@CUL@ defaced AVG's official blog in Japan. Together these amounted to a multi-faceted assault on AVG's infrastructure.


CyberZeist

IRL Name: 
CyberZeist
Biography: 

CyberZeist is a blackhat from India operating under aliases such as Le4ky and @cyberzeist2. In 2016, CyberZeist infiltrated the FBI's website, leveraging a zero-day vulnerability within the Plone Content Management System (CMS). His team accessed sensitive information and leaked FBI account data on platforms like Pastebin, including usernames, SHA1-hashed passwords, emails, and more. CyberZeist's actions prompted concerns about CMS vulnerabilities affecting not only the FBI but potentially other agencies such as the EU Agency for Network & Information Security and the Intellectual Property Rights Coordination Center.

His team also targeted various other entities, including the Hungarian Human Rights Foundation and the Windham County Sheriff’s Office. In the case of the Hungarian Human Rights Foundation, CyberZeist, alongside another hacker named Kapustkiy, used SQL injection to access databases containing personal information, including phone numbers and addresses. Similarly, the breach of the Windham County Sheriff’s Office exposed sensitive user data, highlighting weak security practices and poor password hygiene among personnel, which posed potential risks to both private and public entities.


White

IRL Name: 
Arion Kurtaj
Biography: 

Arion Kurtaj was a key member of the notorious Lapsus$ cyber-crime gang. The group uses a variety of attack vectors, including social engineering, MFA fatigue, SIM swapping, and targeting suppliers.

He is autistic and was handed an indefinite hospital order in December 2023 for hacking Uber (UBER.N) and fintech firm Revolut, and for blackmailing the developers of best-selling video game "Grand Theft Auto". Doctors deemed Kurtaj unfit to stand trial due to his severe autism, so the jury was asked to determine whether or not he committed the alleged acts - not if he did so with criminal intent.


EVLF DEV / EVLF

Biography: 

EVLF DEV is a Syrian threat actor and malware-as-a-service (MaaS) operator. He is responsible for the development of CypherRAT and CraxsRAT, which in the last 3 years were purchased by over 100 distinct threat actors on a lifetime license. EVLF has been observed operating a Telegram channel named "EvLF Devz" that was created on February 17, 2022. It has 10,678 subscribers as of writing.

A search for CraxsRAT surfaces numerous cracked versions of the malware hosted on GitHub, although it appears that Microsoft has taken down some of them over the past few days. The GitHub account of EVLF, however, remains active on the code-hosting service.


Loaded

IRL Name: 
James Zhong
Biography: 

James Zhong (a.k.a. Loaded) is a blackhat who was arrested in 2022 and convicted of wire fraud for defrauding online marketplace Silk Road of 50,676.17 BTC. One of Zhong’s other fraud accounts made a single deposit and more than 50 withdrawals before the account ceased its activity. Within a few days of the transactions, Zhong moved the bitcoin out of Silk Road and consolidated them into two high-value amounts.


dcoder

Biography: 

dcoder is one of the first-generation defacers of the Philippine hacking scene in the early 2000s. He is one of the OGs of the hacking group Asianpride.


Mark Sokolovsky

IRL Name: 
Mark Sokolovsky
Biography: 

Mark Sokolovsky is a Ukrainian and the alleged author of Raccoon Stealer. He was arrested in the Netherlands in March 2022 with the accidental help of his girlfriend. They fled Ukraine together, and his girlfriend documented everything on Instagram.

Raccoon Infostealer is malicious software that infects computers and steals personal information, including email addresses, identification numbers, bank account information, and cryptocurrency information.


kik

IRL Name: 
Azer Koçulu
Biography: 

Azer Koçulu is an open-source developer who had been publishing and maintaining his packages on npm for other developers to use and include in their packages. Out of his ~270 packages on npm, one of them was called kik, which helped programmers set up templates for their projects.

Kik also happens to be the name of a freeware instant messaging mobile app available on both Android and iOS, from the company Kik Interactive based in Ontario, Canada. Kik Interactive contacted him objecting to his use of the name, for which the company claimed intellectual property rights, and asked him to change the name. When Koçulu refused, Kik Interactive contacted npm management, who agreed to transfer ownership of the module to Kik without Koçulu's consent. Koçulu then unpublished all of his modules from npm, including a popular eleven-line code module called "left-pad" upon which many JavaScript projects depended. Although Koçulu subsequently published left-pad on GitHub, its sudden removal from npm caused many projects (including Kik itself) to stop working, due to their dependency on the Node and Babel packages.

In view of widespread software disruption, npm restored Koçulu's left-pad and made Cameron Westland of Autodesk its maintainer. The incident sparked controversies over the assertion of intellectual property rights and the use of dependencies in software development.


Flint24

IRL Name: 
Aleksei Stroganov
Biography: 

Alexey Stroganov, who goes by the hacker names "Flint" and "Flint24", is a Russian carder who has been a long-standing member of major underground forums since at least 2001. In 2006, Stroganov and an associate, Gerasim Selivanov (a.k.a. "Gabrik"), were sentenced to six years of confinement in Russia, but were set free just two years into their sentence. He was also arrested in Russia in March 2020, along with 23 other hackers.


Ferdinand E. Silva

IRL Name: 
Ferdinand E. Silva
Biography: 

Ferdinand E. Silva / F. E. SILVA is a Filipino computer programmer from Lipa City, Batangas, Philippines. He wrote simple Windows OS viruses before the so-called "Hacked By Godzilla" virus. He was the one who modified the "Hacked By Godzilla" virus, renamed it the "TAGA LIPA ARE" virus, and replaced "MS32DLL" with "FS6519" by pressing Ctrl + H (Find & Replace) with the script opened in Notepad.
