Si Cyber Intel: Threat Actor “Hackyboy” Targets Financial Organisations
Discovered by Insikt Group, “Hackyboy” is currently hitting the top of the threat list as an English-speaking cybercriminal targeting financial organisations worldwide in a number of illegitimate cyberattacks. The threat actor also makes additional revenue by selling data, pornography, drugs, malware and DDoS attacks on multiple dark web marketplaces.
Interestingly, the actor seems to have proficient knowledge of the finance sector, especially in countries such as Luxembourg, Spain and the USA, and specialises in virtual banking. As a competent carder, the actor is also well known for selling personal and financial information pertaining to various banks and payment systems.
In a number of online posts, Hackyboy discloses possible money-stealing opportunities from companies such as PayPal and goes on to sell these ideas via tutorials on the dark web, accepting only Bitcoin for payment. The dark web is also rife with counterfeit bills, MAC addresses and skimmer malware plans for ATMs sold by the threat actor.
Currently there isn’t any evidence of how the threat actor is able to obtain bank users’ personal information; possibilities include affiliation with a larger group of cybercriminals or the use of a specific malware or attack vendor.
If you’re worried that you’re being directly targeted by this threat actor, please get in contact with us.
How to protect yourself:
- Make sure internet routers at home and in the office are updated with recent patches and security updates
- Verify that websites you are redirected to have HTTPS enabled and are encrypted with trusted certificates
- Avoid installing mobile applications from unknown sources. By default, Google prevents users from installing apps from sources other than the Play Store. We recommend that you leave the installation of apps from unknown sources disabled
- Avoid opening links received by SMS messages, WhatsApp or other applications from unknown sources
- Avoid downloading third-party applications or responding to suspicious messages
For information about Si Cyber’s malware detection and response capabilities, please contact firstname.lastname@example.org