Canadian miners, casinos hit by hacker eyeing new targets: FireEye
By Alastair Sharp
TORONTO (Reuters) - The same hacker targeting Canadian casinos and mining companies for extortion since 2013 is planning more attacks, researchers at cyber security company FireEye Inc said in a report on Friday.
FireEye said it believes that a single hacker or hacking group that it dubbed FIN10 is behind the breaches due to similarities in method: how they broke into corporate systems, stealing gigabytes of sensitive data and demanding ransom paid in Bitcoin, and publicizing the stolen information by alerting bloggers.
While FireEye declined to identify victims by name, the methods described in their report echoed those used in attacks on Goldcorp, the world's third-biggest gold miner by market value, smaller operator Detour Gold, and the Casino Rama Resort.
FireEye said FIN10's degree of operational success makes more campaigns "highly probable" and that it had evidence suggesting the group had targeted additional victims.
FireEye said FIN10 used the moniker Angels_of_Truth at least once, claiming to attack in retaliation for Canadian sanctions against Russia. More often, it borrowed the name Tesla Team from a group of Serbian hacktivists.
FireEye believes FIN10 was flying 'false flags' with those names, with no backing from a nation-state or affiliation with organized criminals.
Angels_of_Truth was the name used by hackers who contacted a databreaches.net blogger between April and June 2015 claiming credit in Russian and English for the Detour intrusion.
The same blogger, alerted to a breach at Goldcorp in April 2016, published details on the Daily Dot website before Goldcorp acknowledged the compromise. Continued...