Security researchers have been vague about the group's composition, but generally agree that its members are mostly English-speaking, financially motivated, and have been very active in the past two years, targeting large companies through stolen employee credentials and tricks such as convincing tech support staff that they are employees who have accidentally been locked out of their computers and need a new password.
They have moved from stealing cryptocurrency to targeting businesses that provide outsourced business functions, such as help desk and call center staffing, which allow them to tap into multiple customer networks. They also blackmailed Western Digital and other tech firms after stealing internal data, before heading to the jackpots in Las Vegas.
But their willingness to deploy destructive ransomware while demanding money is a significant escalation, as is their choice of business partner: ALPHV, a hacking group whose affiliates include former members of the Russian groups BlackMatter and DarkSide, the groups responsible for the Colonial Pipeline hack that alerted Washington to the national security risks posed by ransomware. ALPHV provided the BlackCat ransomware that the young hackers installed in casino systems.
New research presented Friday at the LABScon security conference outside Phoenix provides an origin story for the hackers, who experts say call themselves Star Fraud. They say the group consists of several dozen hackers connected through the Internet who are part of a much larger association known internally as Com, short for Community.
Star Fraud left clues to its co-conspirators through public boasting and other careless behavior. Like others in Com, they were united by a crime involving SIM swapping, which usually involves persuading phone company employees to hand over control of someone else's phone number.
Because of poor security controls around these numbers, such gambits have allowed criminals to collect millions of dollars from cryptocurrency accounts by defeating SMS text-based two-factor authentication.
The extra money enabled alliances with criminals possessing a variety of skills, including some who hacked police servers and could send emails posing as officers demanding the urgent disclosure of information about phone and Internet users.
Worse, researchers say, they have now attracted recruiters for Russian gangs who want to combine their own business acumen with the group's native English-speaking skills and local knowledge.
“In advance of a lot of money, they raped the girls and tried to kill themselves. There's something really sociopathic going on with these people,” the lead researcher told The Washington Post, speaking on condition of anonymity to avoid being targeted by gangs.
In the MGM hack, the group gained control of Okta's authentication servers, which gave them extensive control over internal services.
The Star Fraud group somewhat followed the trajectory of the Lapsus$ gang, which stole source code from major companies using similar methods and prompted a federal review of the main reasons for the group's growth.
According to researchers, Star Fraud is only the one that has made headway; such groups now have thousands of online participants.
The FBI, which has been able to break up some ransomware groups since the Colonial Pipeline attack, said it will continue to pursue the criminals overseas as well as their young affiliates.
“Criminals can rest assured that the FBI will pursue all illegal activities with the same vigor and devotion to process,” the FBI said in a written statement to The Post. “We are working closely with our federal and international partners to ensure that bad actors face the consequences of their actions.”