Since 2013, there has been a hacker targeting Canadian casinos and mining companies for the purpose of extortion. Researchers at FireEye Inc, a cyber security company, claimed in a report that the hacker is planning more attacks. FireEye has dubbed the hacker
FIN10 and believes that it either is a single hacker or a hacker group. FireEye has detected a number of breaches against various casinos and mining companies that were done in similar ways, which makes them believe that all of the breaches have been done by the same person, people or organization.
The hacker(s) broke into corporate systems, stole many gigabytes of sensitive information and requested bitcoin ransoms for the data. The hacker publicized that it stole the information by alerting bloggers. The methods of hacking that FireEye has observed have been used against organizations such as Casino Rama Resort, Detour Gold, and Goldcorp. Goldcorp is the third largest gold miner in the world, in market value.
According to FireEye, the hacker has used the name Angels_of_Truth at least once. The hacker claimed that it acted in retaliation for Canadian sanctions targeting Russia. Sometimes, the hacker used the name Tesla Team. FireEye claims that the hackers may not have any affiliation with organized criminals or backing from a nation-state.
FIN10 is currently keeping contact with their victims. The vice president at FireEye’s Mandiant Unit, Charles Calmakal, said that within the next weeks or months more victims may become aware of the danger.
FireEye believes that it is very likely that more breaches may happen, due to the fact that so many successful breaches by Fin10 have already happened. Further evidence suggests that more victims were targeted.
Detour Gold and Casino Rama have refused to comment on this issue. Because sensitive employee, customer and vendor data that was stolen from these companies was posted online, these companies are now facing class-action lawsuits. Goldcorp, a Vancouver-based company, has revised IT procedures, educated its staff about threats and increased network security protocols. A network group has been formed by a mining industry group to share knowledge about cyber security dangers.