An unnamed group of security researches claims to have intercepted configuration files used in the attacks against a number of the U.S.’ big names in the Technology industry. The group says that the hackers were using a Russian server and spoke Russian in their online communications.
The hackers are suspected to have been stealing user information from more than 85 companies. American Airlines, Apple Pay, ATT, DropBox, Amazon, Ebay, PayPal, Steam and Wells Fargo were among the names.
Ed Alexander is a dark net investigator who said when the hackers targeted Apple Pay the captured credit card numbers and identities for users. Hackers also got away with personal information to security questions.
“When I saw this file earlier this week, I took my iPhones off Apple Pay,” Alexander stated.
He went on to state that he found custom cyberattack files that were designed purely for targeting each company. They contained configurations for a black market cracking tool, Sentry MBA. Sentry is in popular demand among hackers.
Cybersecurity Researchers said:
“In the case of credential stuffing, the most commonly used standalone management tool we have observed enabling attacks is called Sentry MBA. A Sentry configuration file contains, among other items, the URL for a website’s login page, field markers to help navigate form elements, and rules for valid password constructions. A number of forums offer a wide variety of working configurations for various websites.”
The hacker’s identity still remains unclear, as well as if they are sponsored by a government or not. It is also unknown as to whether the hackers are in it for profit, or if it is part of a well-planned cyberespionage operation.