A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business.
The unnamed Frenchman, who goes by online handles including “ChatNoir” and “Casquette”, is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from the likes of French tech hardware store LDLC, exfiltrated a database containing details of over 4 million customers from the Sport 2000 group, and hijacked the social networks of broadcasters.
Media companies that found themselves the recipients of Epsilon’s unwanted attention included India’s MediaOne TV channel, whose YouTube account was compromised to post a video by the hackers.
The hackers also broke into the official social media accounts of French TV news network BFM and channel RMC in order to criticise Russia, and mock the victims of a terror attack in Moscow.
The group even bizarrely broke into a parody account of French President Emmanuel Macron.
What is unclear is just what the motivation for these hacks was, in particular, the breach of high-profile social media accounts. Â One theory is that the group was actually using the attention-grabbing compromises to advertise password-stealing malware that they were prepared to rent out to interested parties. For instance, it was not unusual for the hackers to promote their Telegram and Discord channels.
The Epsilon hacking group is thought to be responsible for WaveStealer, a relatively sophisticated example of information-stealing malware that has emerged recently after being offered for low cost on Telegram and Discord.
WaveStealer has often been disguised as an installer for video games. It targets web browsers and cryptocurrency wallets, stealing information that can help criminals break into accounts and steal funds.
It certainly sounds plausible that just such a tool could have been used to seize passwords out of the hands of social media managers employed by TV companies.
According to a report in Le Monde, the Epsilon group announced on its Telegram channel on Tuesday that “ChatNoir” had recently been arrested and that the hacking gang was ceasing its activities.
All of which sounds a lot less confident than how Epsilon’s Twitter account presented itself back in March when it claimed:
“We won’t be found or whatever, BFM are not the only ones on the list. Chatnoir x Casquette.”
Epsilon’s Twitter account has been silent since April 9.