Cybercriminals in Turkey have joined forces with Russian hackers who recently arrived in the country, resulting in a flood of tens of millions of newly stolen personal credentials in an online marketplace. These Russian émigré hackers, many of whom are trained software engineers, sought refuge in Turkey after President Vladimir Putin ordered military conscription for the war in Ukraine.
These hackers have teamed up with established Turkish criminals to engage in low-level online scams and fraud. By partnering with Turkish counterparts, they are able to avoid detection, launder their earnings, and sell stolen credentials on the European market. The collaboration between the two groups highlights the transnational nature of cyber fraud and the evolving tactics employed by cybercriminals.
The Turkish police have launched an investigation into the recent surge in cybercriminal activity. However, these criminals use sophisticated online techniques, such as cloaking, to evade detection. In contrast, criminals based in Russian-speaking countries operate more openly due to lax enforcement from their governments.
These newly formed criminal groups are careful not to target Turks in order to avoid scrutiny from local authorities. As a result, the Turkish police have not provided any official comment on the matter.
The preferred marketplace for these cybercriminals is known as the Underground Cloud of Logs. It has been inundated in recent months with stolen credit cards, passwords, and login credentials. The stolen data is sent, using sophisticated code, to clients who sign up for data flows in Telegram groups. The data is collected by a common malware, known as Redline, that evades most antivirus software. Redline is often downloaded unknowingly by individuals who use illegal websites to play video games or download pirated software.
What makes the stolen data particularly valuable is that Redline also steals cookies, which are small pieces of personally identifiable data stored in people’s browsers. This allows the hackers to impersonate victims online and even copy stored credit card information for fraudulent online shopping.
The stolen data is sold in Telegram groups, with prices starting as low as $50 per week. These groups provide access to thousands of stolen data entries, making it a lucrative business for the criminals involved.
A Turkish information security specialist who infiltrated one of these Telegram groups observed how Russian hackers taught their Turkish counterparts sophisticated code for collating large amounts of stolen data. The Turkish criminals leveraged their contacts in western Europe, particularly Germany, to secure better prices for these organized data sets.
This collaboration between Turkish and Russian cybercriminals has led to an increase in efficiency and output. The criminals have learned to automate their activities effectively, resulting in a rapid expansion of their operations.
The severity of this collaboration and the professional marketing tactics employed by these cybercriminals highlight the growing threat of cybercrime in the digital world. Authorities around the world need to be vigilant and work together to combat this evolving and transnational criminal activity.