Ukraine arrests hackers behind Apple phishing schemes

By Amber Neely

The Security Service of Ukraine (SSU) has arrested five individuals believed to be involved in the international "Phoenix" hacking group, which performed phishing attacks using cloned Apple support websites.

Assorted stolen iPhone [via Security Service of Ukraine]

The SSU notes that the suspects lived in Kyiv or Kharkiv, and all five were higher technical education institute graduates. Police have since seized computer equipment, mobile phones, software, and hardware believed to be used by the group.

Phoenix specialized in gaining remote control of mobile devices through phishing attacks. The group would direct users to phishing sites that were clones of official Apple and Samsung support sites.

According to BleepingComputer, the scheme went on for at least two years, with the hackers successfully gaining access to several hundred people's accounts.

Phoenix also offered remote mobile phone hacking services to individuals, charging between $100 and $200.

Investigators also discovered that the hackers had been unlocking stolen or lost devices made by Apple. Once unlocked, the group would sell the devices to unwitting customers.

SSU believes that the five arrested individuals comprise the entirety of Phoenix but plan to continue investigations to find any remaining conspirators.

Phoenix now faces charges relevant to Article 361 of the Criminal Code of Ukraine, which focuses on illegal interference in the work of electronic computers, systems, and computer networks.

In August, a hacker known for data breaches had allegedly gained access to gigabytes of AT&T customer information, including social security numbers. The hacker, known as "ShinyHunters," had requested $1 million to take the data offline.

AT&T denied the information had come from their servers.

That same month, T-Mobile had become aware of a breach of its servers that had resulted in harvested data on over 100 million customers being sold on a hacker forum.