Hackers Run a Sophisticated Network To Destroy Websites
6 May 2020
(AGN News) – Hackers are running a sophisticated network out of La Jolla, San Diego and Santa Clara County, California, and Glendale, Phoenix, Scottsdale and Tucson, Arizona, that has destroyed hundreds of websites, mobile applications, cellphones and computers.
A cybersecurity group called OMS was able to locate this team of hackers even though they attempted to hide their true location using a VPN. This group has been operating “under the radar” for nearly six years.
Their focus on malign activities directed at specific targets, using specialized hacking tools and malicious code to attack websites, mobile applications, computers and even cellphones, has enabled them to “hide” for years.
CICO-SILO14, as OMS calls these hackers, has embedded agents in a domain company, a website hosting company, debt collectors, local private contractors (as stalkers), and a “website security” company that should “lock” malware out of a “site” but instead installs malware using sophisticated software and server administrators.
The company would then contact the website owners and offer to remove the same malware for a price. This same company uses content scanning tools to harvest IP addresses, usernames, logins, site content and personal data. They use private contractors to “stalk” their intended victims before they strike. Agents in other legitimate companies are used to facilitate large scale hacking attacks.
Such was the case when CICO-SILO14 agents in the “website security” company partnered with server administrators to destroy hosted applications. First, on October 24, 2017, they destroyed 63 mobile applications. That was followed by the destruction of an additional 175 mobile applications. By August 31, 2018, CICO-SILO14 had destroyed more than 652 sites of victims who did not pay and launched over 97 sophisticated cyber attacks on computers and cellphones using malicious software, botnets, and other cyber tools.
OMS Cyber Security experts were able to track this network of hackers because of their continued malign activities, including their use of phishing emails and the command-and-control domains used in their phishing campaign.
Their multi-year phishing campaign used many domains including the following command and control domains:
- planbfundingoptions[.]com
- business-capital-now[.]com
- profund-247[.]com
- businessfunds-24-7[.]com
- getbusinessfunded-24-7[.]com
- business-funds-365[.]com
- profunder365[.]com
- businessfunds365[.]com
- getbusinessfunded[.]com
- businesscapitaladvisor365[.]com
- fastcapitaladvisors[.]com
- profunding247[.]com
- fast-funding-advisor[.]com
- profund247[.]com
- profund365[.]com
- getmybusinessfundednow[.]com
- profunding[.]info
- getabusinessloan365[.]com
- business-funding-247[.]com
- businessloansfunded[.]com
- profunding247[.]org
- fastfunding365[.]com
- business-capital-advisors[.]com
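A defender holding a list like the one above wants to know whether anything on the network ever talked to those domains. The script below is an added example, not OMS's tooling or anything from the article: it refangs the article's domains, matches hostnames by label suffix (so a subdomain of a listed domain hits, but a look-alike name that merely contains one does not), and runs that check over a few constructed DNS, proxy and mail log lines in a simple made-up layout.

```python
"""Match DNS, proxy and mail log lines against the C2 domain list quoted in the article.

Added example; the domains are the article's, the log lines below are constructed.
"""
import re
from typing import List, Optional, Tuple

# Command-and-control domains listed in the article, in its defanged "[.]" notation.
DEFANGED_C2_DOMAINS = [
    "planbfundingoptions[.]com", "business-capital-now[.]com", "profund-247[.]com",
    "businessfunds-24-7[.]com", "getbusinessfunded-24-7[.]com", "business-funds-365[.]com",
    "profunder365[.]com", "businessfunds365[.]com", "getbusinessfunded[.]com",
    "businesscapitaladvisor365[.]com", "fastcapitaladvisors[.]com", "profunding247[.]com",
    "fast-funding-advisor[.]com", "profund247[.]com", "profund365[.]com",
    "getmybusinessfundednow[.]com", "profunding[.]info", "getabusinessloan365[.]com",
    "business-funding-247[.]com", "businessloansfunded[.]com", "profunding247[.]org",
    "fastfunding365[.]com", "business-capital-advisors[.]com",
]


def refang(domain: str) -> str:
    """Turn the bracketed defang notation back into a real, lower-cased hostname."""
    return domain.strip().lower().replace("[.]", ".").replace("(.)", ".")


# Refanged once into a set so every lookup is O(1).
C2_DOMAINS = frozenset(refang(d) for d in DEFANGED_C2_DOMAINS)


def matches_c2(hostname: str) -> Optional[str]:
    """Return the listed domain that `hostname` equals or is a subdomain of, else None.

    Walks label suffixes, so `mail.profund-247.com` hits `profund-247.com` while a
    look-alike such as `notprofund365.com` does not (no substring matching).
    """
    labels = hostname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in C2_DOMAINS:
            return candidate
    return None


# Anything that looks like a dotted hostname; bare IPv4 addresses are excluded
# because the last label has to be alphabetic.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def scan_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, observed_host, matched_c2_domain) for every line touching a listed domain."""
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            c2 = matches_c2(host)
            if c2:
                hits.append((lineno, host, c2))
                break  # one hit per line is enough to raise an alert
    return hits


# Constructed sample lines (not from the article) in a made-up "timestamp source client event" layout.
SAMPLE_LOG = [
    "2018-08-30T10:12:03Z dns 10.0.0.5 query A mail.profund-247.com",
    "2018-08-30T10:12:04Z proxy 10.0.0.5 GET http://www.getbusinessfunded.com/track.gif 200",
    "2018-08-30T10:12:09Z dns 10.0.0.7 query A www.example.org",
    "2018-08-30T10:13:41Z smtp 10.0.0.9 MAIL FROM:<loans@profunding247.org> subject=Your site has a vulnerability",
    "2018-08-30T10:13:50Z proxy 10.0.0.7 GET https://notprofund365.com/index.html 200",
]

if __name__ == "__main__":
    for lineno, host, c2 in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {host} -> listed C2 domain {c2}")
```

Run against the sample, lines 1, 2 and 4 are flagged and the look-alike on line 5 is not. Suffix matching is the important design choice: a plain substring search would either miss subdomains or flag unrelated names that happen to contain a listed string, and both failures are common in hastily written IoC scanners.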
For years CICO-SILO14 itself went undetected, even though its malign activities did not. CICO-SILO14 has hacked an unknown number of cellphones nationwide over the years and downloaded their content. They were literally able to listen to every phone call, read every text message and read all the emails of unsuspecting victims.
OMS Security Experts discovered CICO-SILO14 agents embedded in the “website security” company engaged in a spear phishing campaign targeting local businesses. Hacker teams would locate an intended target and then send it spear phishing emails containing tracking pixels, which allowed CICO-SILO14 to see whether and when the emails were opened. Once opened, malicious code would be activated.
These agents within the “website security” company would include malicious code to harvest location data (e.g. the IP address) of the device (mobile, tablet or computer) that opened the email. With this knowledge they would then target that IP address with malware and/or attempt to hack into the computer, cellphone or tablet, and fold the IP address into their spear phishing campaign.
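The tracking pixel described above is a remote image that the mail client fetches when the message is rendered, which is what gives the sender the open time and the reader's IP address. The following is an added example, not code from the article or from OMS, of how a mail gateway or client can spot such beacons before images are loaded; it parses an HTML body with the standard library and flags remote images that are tiny, hidden by CSS, or carry an opaque per-recipient token. The sample email is constructed and the `.example` hosts in it are placeholders.

```python
"""Flag tracking pixels (open beacons) in an HTML email body.

Added example; the email below is constructed, not one of the messages the article describes.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit


class _ImgCollector(HTMLParser):
    """Collects the attribute dict of every <img> tag in the document."""

    def __init__(self) -> None:
        super().__init__()
        self.images: List[Dict[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def _px(value: Optional[str]) -> Optional[int]:
    """Parse '1', '1px' or ' 0 ' into an int; None when absent or not numeric."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def pixel_reasons(img: Dict[str, str]) -> List[str]:
    """Return the reasons an <img> looks like a beacon; an empty list means it looks benign.

    Only remote (http/https) images can report an open back to the sender, so
    inline `cid:` and `data:` images are skipped outright.
    """
    parts = urlsplit(img.get("src", ""))
    if parts.scheme not in ("http", "https"):
        return []
    reasons: List[str] = []
    w, h = _px(img.get("width")), _px(img.get("height"))
    if w is not None and h is not None and w <= 1 and h <= 1:
        reasons.append("1x1 or smaller")
    style = img.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by css")
    # A long opaque token in the query string usually identifies the recipient.
    for values in parse_qs(parts.query).values():
        if any(re.fullmatch(r"[A-Za-z0-9_-]{12,}", v) for v in values):
            reasons.append("opaque per-recipient token in query")
            break
    return reasons


def find_tracking_pixels(html: str) -> List[Tuple[str, List[str]]]:
    """Return (image host, reasons) for each <img> in `html` that looks like a tracking pixel."""
    parser = _ImgCollector()
    parser.feed(html)
    hits: List[Tuple[str, List[str]]] = []
    for img in parser.images:
        reasons = pixel_reasons(img)
        if reasons:
            hits.append((urlsplit(img["src"]).hostname or "", reasons))
    return hits


# Constructed sample message (not from the article); hosts use the reserved .example TLD.
SAMPLE_EMAIL_HTML = """<html><body>
<p>Our complimentary scanner found a vulnerability on your site. Open the report below.</p>
<img src="https://cdn.mailer.example/logo.png" width="200" height="60" alt="logo">
<img src="https://track.mailer.example/open.gif?rid=8f3a9c2b1d4e5f60" width="1" height="1" alt="">
<img src="https://track.mailer.example/p.png" style="display: none" alt="">
<img src="cid:inline-report-001" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for host, reasons in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print(f"beacon on {host}: {', '.join(reasons)}")
```

On the sample, the visible logo and the inline `cid:` image pass while the two remote images on the tracking host are flagged. The opaque-token rule is the noisiest of the three and will also catch cache-busting versions on legitimate images, so treat it as supporting evidence. The simplest mitigation needs no detection at all: a mail client configured not to load remote images by default never fires the beacon, and a gateway can strip or rewrite flagged `<img>` tags before delivery.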
OMS Security cyber capabilities uncovered malicious code embedded in a series of emails sent to some of the targets. Many of these emails contained sexually explicit content with one overriding purpose: to trick the target into opening the email as part of the CICO-SILO14 spear phishing campaign. This CICO-SILO14 malign activity, if successful, would compromise the personal and professional emails of the local business employees, volunteers and management.
Some of the emails made reference to malware contained in a site that needed to be locked out. CICO-SILO14 “website security” company hackers explained that their “complimentary” site “scanner” had “found a vulnerability” they would like to help resolve. Emails of this type carried malware targeting whichever device opened the email, and harvested its location data.
Additionally, CICO-SILO14 would attempt to insert shellcode that fingerprinted the target’s software environment, collecting the username and the computer name and embedding that information in a URL string that was then loaded into memory for later use. CICO-SILO14 could then exploit this vulnerability to gain access to the computer system and, if successful, control the computer.
OMS researchers have been able to trace cellphone hacking directly to CICO-SILO14 even though they used software programs to hide the actual phone number they were calling from.
These CICO-SILO14 scammers would text a target while pretending to be a friend (using a phone number found in the phone’s contacts), first to verify that the number was a working phone and then to make some demand, deal or offer. Unknown to the CICO-SILO14 scammers, on one occasion the friend had passed away several years earlier. Another example of their malign actions was calling a target using the target’s own phone number rather than a fake number. In some cases they would actually use a working number of a local business or a government agency.
In the six years this group has been in existence it has sent over 72,360 phishing emails and made over 19,242 attempts to log into websites. OMS was able to track each and every one over nearly six years. It is possible that CICO-SILO14 hackers have been in existence for more than six years.
That the hackers of CICO-SILO14 use a sophisticated network of legitimate businesses, cyber criminals, paid agents, botnets and malicious software to take websites offline for pay shows their true nature. CICO-SILO14 hackers have caused technical damage to online programs and financial losses to unsuspecting victims over many years.
Now having their identity exposed gives hope to victims that the end of their pain is near. As the award-winning writer Zora Neale Hurston once wrote, “If you are silent about your pain, they’ll kill you and say you enjoyed it.”
Written by
AlpLocal News Team
Disclaimer: This post does not represent the views or viewpoint of the owner of AlpLocal.com, AGN News or its representatives or reporters. Any content which references any person, entity or group with similar names, descriptions, or business interest in any geographical location or similar businesses is merely a coincidence and not directed at said business. AGN News is compiled from submissions by contributors or other sources.