Polish Police Crack Down on Cyber Criminals Involved in Bomb Threats

Some good news for today, Polish authorities has shut down a hacker crew that's been involved in numerous cybercrime ops in the likes of ransomware, malware, SIM swapping, bank fraud, running fake online stores, and bomb threats. Quite the crew they were.




Four suspects were arrested. With an additional four under investigation.

According to Polish media, the hackers have been under investigation by Polish authorities since 2019, when they sent their first bomb threat to a school in the town of Łęczyca.

Investigators reported an individual under the name of Lukasz K. supposedly found the hackers on internet forums and hired them to send a bomb threat to the local school but make the email look like it came from a rival business partner. 

The man whose identity was spoofed in the email was arrested and had to spend two days in prison before the police figured out what occurred.

The businessman then hired a well-known private investigator to track down the hackers behind the fake bomb alert.

Later on, it was reported that when the hackers realized what was happening, so they hacked a Polish mobile operator and created invoices for thousands of Polish currencies in the name of both the detective and the framed businessman.

Bomb threats were also linked to the hacker crew such as the one for Western Railway Station in Warsaw.

But the most notorious bomb threat was when they were hired to send bomb threats to 1,066 kindergartens across Poland.

Around 10,536 people from 275 kindergartens were evacuated after the emails were sent, they also asked for about ~$1,300 USD in payment for every bomb threat they sent.

As mentioned before this is not the only crime they partake in. They have sent malware through email phishing attacks. They were also linked to 87 different domains used to spread malware. The group was involved in numerous of malware strains for both Windows and Android devices, such as Cerberus, Anubis, Danabot, Netwire, Emotet, and njRAT. 

Infected users had their personal details stolen which were then used to steal money from banks with weak security.

In rare cases, some banks had implemented multiple authentications. The group would then use the information they stole from infected victims in order to fake IDs. Then use the IDs to trick mobile operators into transferring the victim's account to a new card.

Using this card, the hackers would then reset and change passwords of the victims' accounts and bypass two-factor authentication (2FA) to steal money from the victims' accounts.

It is believed that the cyber crew stole around $50,000, $56,000, and $62,000 USD in different incidents using this method.

The hackers also attempted to steal around $2 million USD from one victim, but luck struck when the bank called the victim's phone number to confirm the transaction. Yet since the number was changed due to the SIM swap the bank official reached the hackers and didn't recognize its regular customer's voice from previous conversations and blocked the transaction which stopped the hack.

Polish officials also said the group also created about 50 fake online stores where they sold nonexistent products that fooled about 10,000 customers.

A shortlist of the four hackers in Polish authorities' hands.

  • Kamil S. also known as Razzputin.
  • Pawel K. also known as Manster_Team
  • Janusz K.
  • Lukasz K.

The four other hackers that are currently under investigation are.

  • Mateusz S.
  • Radosław S.
  • Joanna S.
  • Beata P.

Posted on Sep 28, 2020 3:33:00 PM by Marcos Xochihua in Cyber Security

Marcos Xochihua

Written by Marcos Xochihua

Marcos Xochihua is a Network Security major and Student Ambassador at University of Advancing Technology (UAT)


Email me when there is a new post.

I'd like more information about UAT

Lists by Topic

see all

Recent Posts

Posts by Topic

see all

Posts by Author

see all