A French citizen has pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft after hacking into multiple corporate systems to steal and then sell confidential data, customer records, and financial information.
22-year-old Sebastien Raoult, aka Sezyo Kaizen, was arrested last year in Morocco and was extradited to the US in January 2023. Raoult and two co-conspirators were indicted by a grand jury sitting in the Western District of Washington in June 2021.
Raoult and his co-conspirators hacked into corporate servers to exfiltrate confidential information and customer records, including personally identifiable information and financial information, according to the plea agreement.
“They hacked numerous companies, including companies in Washington State, elsewhere in the United States, and around the world,” reads a press release by the US Department of Justice. “After Raoult and his co-conspirators hacked companies, a user going by the name ShinyHunters posted hacked data from many of those companies for sale on dark web forums, including RaidForums, EmpireMarket, and Exploit.”
Between April 2020 and July 2021, ShinyHunters posted hacked data from more than 60 companies, sometimes threatening to leak or sell stolen sensitive files if the victim did not pay a ransom.
Court documents shared by Bleeping Computer say the group succeeded in obtaining ransoms as large as $425,000.
When the crew infiltrated cloud service providers, they sometimes used the victim’s computing power to mine cryptocurrency.
Records filed in the case reveal Raoult helped create phishing websites designed to impersonate legitimate entities.
“The conspirators sent phishing emails to company employees that were designed to look like they came from legitimate businesses and contained links to those login pages,” according to the DOJ.
Unwary employees entered their account credentials on the fake login pages. Raoult and his co-conspirators used the login information to breach victims’ accounts, steal the data stored on their computers, and search the stolen data for additional login information, to further their campaign.
It is estimated that the trio stole hundreds of millions of customer records and caused losses exceeding $6 million.
Raoult faces up to 27 years in prison for conspiracy to commit wire fraud and a mandatory minimum two-year prison term for the charges of aggravated identity theft.
Bitdefender Identity Theft Protection includes continuous monitoring of your identity, privacy, and credit status, damages and financial loss prevention from identity theft, complete identity theft restoration services, and insurance of up to $2 million.