The same hacker aiming at Canadian mining companies and casinos for extortion from 2013 is preparing for more attacks, cyber security analysts said in a report last week.
The analysts said they considered that a single hacking group or hacker that is named as FIN10 is the brainchild behind the breaks due to resemblance in means: how they breached into corporate systems, demanding ransom paid in Bitcoin, stealing gigabytes of sensitive data, and making the stolen data public by alerting bloggers.
While the analysts declined to recognize victims by name, the means defined in their report were repeated and used in attacks on the third-biggest gold miner in the world by market value, Goldcorp; the Casino Rama Resort; and smaller operator Detour Gold.
Analysts claimed that the degree of operational success of the FIN10 makes more crusades “highly likely” and that it had proof signifying the group had aimed for more victims.
Analysts said that the FIN10 employed the moniker Angels_of_Truth as a minimum once, stating to attack in revenge for Canadian sanctions in opposition to Russia. More frequently, it rented the name Tesla Team from a squad of hacktivists in Serbia.
Analysts believe that FIN10 was waving “false flags” with those names, with no support from an affiliation or nation-state with structured criminals.
Angels_of_Truth was the name utilized by hackers who communicated a databreaches.net blogger from April 2015 to June 2015 stating credit in English and Russian.
The similar blogger, warned to a break at Goldcorp in April last year, rolled out details on the Daily Dot site before Goldcorp recognized the breach.
The Vancouver-based company has since increased network security protocols, altered its IT processes, and operated to educate its staff regarding cyber attacks, a spokesperson claimed.
After that break, a mining sector bunch created a network to share data on cyber attacks. As a minimum 6 members, comprising Teck Resources Ltd., will commence to work on the project from next month.
For now, FIN10 is still in touch with most of the victims and more targets may “become aware of the attack in the upcoming months or weeks.
###