French Cybercriminal Pleads Guilty for Hacking Corporate Data 

In a significant development in the realm of cybercrime, a 22-year-old French citizen, Sebastien Raoult, also known as Sezyo Kaizen, has pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft in the U.S. District Court in Seattle. 

This case sheds light on a sophisticated cybercriminal operation that utilized phishing emails and deceptive tactics to breach corporate systems, resulting in a total loss estimated to exceed $6 million for victim companies.

The Arrest and Extradition:

Sebastien Raoult’s journey through the legal system began with his arrest in Morocco last year. 

Following his apprehension, he was subsequently sent back to the United States in January 2023 to face charges related to cybercrimes committed alongside two co-conspirators. 

The accusation, handed down by a grand jury in the Western District of Washington in June 2021, marked the start of legal proceedings against the cybercriminal trio.

Deceptive Tactics and Corporate Intrusions:

The modus operandi of Raoult and his co-conspirators involved hacking into the protected computers of corporate entities to rob confidential information and customer records. 

This collection of data included personally identifiable information and sensitive financial details. 

The cybercriminals targeted numerous companies, spanning across Washington State, the broader United States, and even international entities. 

Following successful intrusions, a user operating under the false name “ShinyHunters” posted the stolen data for sale on dark web forums, including RaidForums, EmpireMarket, and Exploit.

Ransom Threats:

One particularly harmful aspect of this operation was the threat posed by ShinyHunters. If victims failed to meet ransom demands, ShinyHunters threatened to leak or sell the stolen sensitive files. 

This added an element of extortion to the cybercriminals’ activities, increasing the pressure on affected companies to comply with their demands.

Phishing and Fake Login Pages:

The core of Raoult and his co-conspirators’ strategy was the creation of fake login pages that mimicked legitimate businesses. 

These deceptive websites were used to send phishing emails to unsuspecting company employees. 

These emails were crafted to appear as if they originated from genuine businesses and contained links to fraudulent login pages. 

Unaware victims then provided their account sign-on credentials on these fake pages. Armed with these stolen login details, the cybercriminals infiltrated victims’ accounts, accessed sensitive data, and scoured the stolen information for additional credentials to access further data within companies’ networks and third-party service providers, including cloud storage services.

Monetary and Legal Consequences:

The impact of this cybercriminal operation was extensive, with hundreds of millions of customer records compromised and a staggering estimated loss of over $6 million for the victim companies. 

Raoult now faces the consequences of his actions, with the conspiracy to commit wire fraud carrying a maximum sentence of 27 years in prison. 

Additionally, aggravated identity theft mandates a mandatory minimum two-year prison term to follow any other sentences imposed.

The FBI Seattle Cyber Task Force was pivotal in investigating this complex case, while Assistant United States Attorney Miriam R. Hinman led the prosecution. 

The Department of Justice’s Office of International Affairs provided substantial assistance, highlighting the global reach of this cybercrime. 

The collaborative efforts of Moroccan and French authorities were also instrumental in advancing this case.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.