A criminal hacking group has spent the last three years infiltrating the systems of numerous Canadian mining companies and casinos, and has used that access to steal sensitive data. The financially motivated group even went so far as to hold the valuable information hostage and demand a ransom from its legal owners.
The group has been nicknamed FIN10 by the cyber-security company FireEye and was first noticed in 2013. Judging by its distinctive way of working, it was not active before that year. It was last noticed in 2016, but it may still be working hard to achieve its goals. It is not yet known whether FIN10 is a single hacker or a well-organized group, and investigators have yet to establish this.
Charles Prevost, Senior Manager of Mandiant, the security consulting practice FireEye works with, said they find it curious that the hackers have chosen to target this Canadian field in particular. They have also tried and failed to attribute the hacking group to a particular country, which has always been a big difficulty in the investigation of cyber crimes. What they know for sure is that the criminals seem to be native English speakers, even though they have tried to appear otherwise.
The hackers broke into the systems of various corporations and demanded that the ransom for the stolen information be paid in Bitcoin. They were on the hunt for corporate records, private communications and customer-related data. For this information they demanded between 100 and 500 Bitcoin, which equals C$35,000 to C$170,000. What is more, they threatened to publicize some of it by alerting bloggers if they did not receive the money within 10 days.
Among the big corporations affected by the cyber attacks are Goldcorp, a gold production company which is currently in third place in the world by market value, and Detour Gold, which has also been in the gold mining field for quite some time. Casino Rama Resort, a giant in the gambling world, has also suffered the consequences of their malicious actions.
The group infiltrated the systems of such big and seemingly well-protected corporations through false advertisement. In one case they created a malicious Web page, disguised as an updated holiday schedule for the staff, and hid their code there. Another lure was a Microsoft Word document which claimed to be an employee questionnaire.
What is interesting is that the hacking group does not utilize some of the programs which help Russian hackers to reach new levels of domination. Instead, they use easily found penetration tools such as Metasploit and SplinterRAT, which run very basic commands.