The arrest of a 25-year-old French man in Thailand apparently seals the fate
of Rex Mundi, a hack-and-extort collective that has operated since at least
2012.

Europol has announced the arrests over the past year of eight French
nationals who are suspected of being involved in a long-running hacking ring
called Rex Mundi.
The latest in a string of arrests was made by
Thai police, which acted on a French international arrest warrant and
apprehended “a French national with coding skills” on May 18 of this year. This
operation capped a year-long effort that also resulted in the arrests of
another seven people believed to be the gang’s members, who were nabbed by
French police in June and October 2017.
Rex Mundi (Latin for “King of the World”)
made a name for itself with multiple hack-and-extort campaigns that mainly
victimized companies in Europe. As we also reported in 2014, the gang typically hacked into
corporate networks and ransacked them for sensitive information before
demanding ransom payments on pain of dumping the data online. On a number of
occasions, the group delivered on its threats.
As per Bleeping Computer, the earliest reports of the crew’s activities
date back to the summer of 2012. The gang would initially take to Twitter to
brag about its shenanigans, only to opt for a more low-key profile later on.

How the crew’s undoing unfolded

Law enforcement began to turn the tables on
the gang in May 2017, shortly after the group claimed credit for stealing
troves of customer data from an unnamed UK-based firm. A member of the gang
then phoned the company and demanded either €580,000 for not going public with
the data or over €825,000 (both in bitcoin) for also sharing details about how
the intrusion had been carried out. For each day the company failed to pay, the
criminals demanded a ransom of €210,000, according to Europol.
The company refused to pay up and contacted
the UK Metropolitan Police, which gathered and then relayed information about
the attack to French police and Europol. “Within an hour, Europol’s 24/7
Operational Centre was able to link the available information to a French
national,” said the European Union’s law enforcement agency.
French police then moved to nab a total of
five suspected members of the group in June 2017 and another two in October.
The primary suspect admitted to his role in the latest extortion campaign, but
said that the breach itself had been perpetrated by a hacker whom he had hired on the dark web.