Says five-strong ‘Group E’ may have lifted a billion Yahoo! records, sells to states
Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world’s biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials.
The claims, made to The Reg by recognised threat intelligence boffin Andrew Komarov, pin the world’s largest hacks on “Group E”, a small Eastern European hacking outfit that makes cash breaching companies and selling to buyers including nation states.
Komarov told The Register the group is behind a laundry list of hacks against massive household tech companies including the breach of Yahoo!, Dropbox, LinkedIn, Tumblr, and VK.com among other public breaches.
The analyst says the same hacking group has breached other major tech firms but would not be drawn on revealing the names of the affected companies nor the number of compromised credentials. Komarov has reported those breaches which are not on the public record to police.
He goes further and says much of the reporting concerning the Yahoo! breach was inaccurate, and suggests the number of affected credentials could be as high as one billion, double what was reported.
Group E had, according to Komarov, breached Yahoo! and sold the massive data haul through a recognised hacker identity who served as a broker.
It was then sold to an unnamed nation-state actor group.
Komarov, an established threat intelligence man formerly of Intelcrawler before its acquisition by Arizona-based security firm InfoArmor, is one of a handful of cybercrime intelligence analysts who closely monitor closed crime forums and dark web sites.
He fingers a Russian-speaking criminal hacking identity known as Tessa88 as the broker used by the two hacking groups.