Criminals admit: Epic Games cyber attack and leak were a scam

The Mogilevich Group admits on their Darknet leak page that they are not running “ransomware as a service” but that they are scammers. There were previously suspicions that Epic Games had fallen victim to a cyberattack by the group.

advertisement

In addition to Epic Games, Mogilevich also listed companies such as Shein, Kick, Bazaarvocie, InfinitiUSA, and DJI as alleged victims. Authorities such as the Bangladesh Police and the Irish Foreign Office were also mentioned. Some of these “victims” listings were marked as allegedly sold out.

It's not ransomware, it's a scam

Now Mogilevich explains that it was all a scam. “In fact, we are not 'ransomware as a service', but professional scammers.” This explanation cannot be found directly in the blog on the leak page, but only behind a link that supposedly leads to a sample of the alleged EpicGames database leak.

In the text, Mogilevich boasts that he has taught a lot of people a “lesson” and explains his own business model, including methods used in social engineering.

Cybercrime as a Service: Criminals become victims

Mogilevich wanted to quickly become known as a new ransomware group in order to attract its actual victims. So they chose some well-known names as alleged victims of ransomware.

Interested parties who wanted to use Mogilevich's services to demand ransom did not receive anything in return, and instead became victims. In eight cases, the criminals sold access to a board that was intended to give buyers access to the criminals' infrastructure. But this infrastructure did not even exist. Using social engineering, some interested parties were not only tricked into investing several thousand dollars in their fake ransomware services, but were also sent screenshots of their cryptocurrency wallets. The aim was to use the data to commit further fraud by selling supposedly stolen cryptocurrency accounts.

Mogilevich acted as if they were, as a group, an emerging major player in the ransomware-as-a-service business. This is also how they contacted the initial access brokers. As potential buyers, they requested evidence from initial access brokers about the quality of their goods. The scammers then used the photos and videos obtained in this way to do their own business by selling (fake) access.

Reason for recognition

Mogilevich has now allegedly received $85,000 in one payment from one of her victims who wanted to buy data from the alleged hack of a drone company. This is their biggest coup.

By explaining their fraudulent business model, they want to show that many, “especially Epic Games,” have outed them through their public actions and tweets. This would allow their fraudulent network to grow.

(Mac)