InfinityBlack, a cybercriminal group involved in distributing and selling stolen user credentials, producing malware and hacking tools, and committing fraud, has been dismantled.
The group was founded in 2018 and became known for running the Infinity[.]black website, which sold access to databases of stolen user credentials.
These collections of user data were typically assembled from dumps of usernames and passwords obtained through data breaches at a number of companies over the course of the group’s operations.
Sources within the threat intelligence community have indicated that InfinityBlack also operated Discord channels, marketplaces on the Shoggy.gg online platform, and threads on several hacking discussion forums.
On these platforms and forums the group promoted its portfolio – including its portal, hacking tools and guides aimed at teaching prospective cybercriminals the techniques used in credential stuffing attacks.
According to Europol, InfinityBlack was composed of three working teams: developers who built the tools used to evaluate the quality of stolen databases, testers who analysed the stolen data, and project managers who distributed subscriptions in exchange for crypto payments.
The group built online platforms for selling user login credentials, known as “combos”. It operated efficiently by drawing on the pooled knowledge and experience of its three teams of operators.
The group reportedly made most of its money by stealing loyalty scheme user credentials and selling them to other, less sophisticated cybercriminal rings, which then exchanged the loyalty points for expensive electronic devices.
InfinityBlack developed an advanced script to gain access to a large number of Swiss customer accounts. Although reports put the losses caused by the group at about €50,000, the criminals are believed to have had access to a massive database of accounts that could have caused losses of more than €610,000.
The fraudsters and hackers involved in distributing the databases, both minors and adults, were discovered when they tried to buy goods in Swiss shops using the stolen credentials.
An announcement by Europol gave details of the investigation that unmasked the hackers and led to the dismantling of the InfinityBlack group.
The takedown began with the arrest of several cybercriminals who were trying to cash out loyalty points in shops in Switzerland. Law enforcement agents then exchanged criminal intelligence, which allowed them to identify links to members of InfinityBlack in Poland.
On April 29, the Polish National Police launched an investigation involving searches across five Polish regions and arrested five people suspected of being members of the group. During the raids, authorities seized electronic equipment, hard drives and crypto-related hardware. In addition to the arrests and seizures, the police shut down two platforms holding 170 million entries.
A series of investigative efforts by experts from the Cyber Investigation Division (DEC) of the Vaud Cantonal Police were key to the success of the operation to dismantle the InfinityBlack cybercriminal network.
Once the hackers attempting to cash out loyalty points were discovered in Switzerland, law enforcement agents moved swiftly to work with the Polish authorities to identify links to the separate gang in Poland. This joint effort led to the arrests in Poland, putting an end to a cybercriminal enterprise that had targeted businesses in Europe and beyond.