A “financially motivated” and digitally-savvy criminal hacking group has spent at least three years infiltrating computers at several unnamed Canadian mining companies and casinos, stealing sensitive data and holding it for ransom.
The group, dubbed FIN10 by the cybersecurity company FireEye, began operating as early as 2013, continued until at least 2016, and has not been identified before, investigators said.
Charles Prevost, one of the investigators and a senior manager at FireEye’s security consulting practice Mandiant, said they “have no idea why” FIN10 had seemingly chosen to target only Canadian mines and casinos. He could not attribute FIN10 to a particular country or location — a notoriously difficult problem in cybersecurity investigations — but noted that its members appeared to be native English speakers, despite attempts to appear otherwise.
According to FireEye’s report, released today, the attacks targeted sensitive files such as corporate records, private communications and customer information. After stealing the data from the victims’ computers, the investigators say the hackers demanded ransoms of between 100 and 500 bitcoin — about $35,000 to $170,000 Cdn.
The group then threatened to release some of the stolen data to the public if no payment was received within 10 days, and to release more data if…Read More