When Yahoo last week confirmed that 500 million of its accounts had been leaked following a hack that took place in 2014, the company said that state-sponsored actors were behind the attack. But according to an independent security firm, a gang of cybercriminals-for-hire was responsible.
Last year, Yahoo became one of several companies, including Google, Facebook, and Twitter, to say it would alert users whose accounts it suspects have come under attack by state-sponsored hackers. It has never revealed how it determines this, or what evidence it has to prove the 2014 hack was orchestrated by a government.
Andrew Komarov, InfoArmor’s chief intelligence officer, concluded that the Yahoo hackers were cybercriminals after reviewing a sample of the leaked data. The firm acquired this from “operative sources” as part of an investigation into a five-person criminal gang located in Eastern Europe known as Group E.
"They have never been hired by anyone to hack Yahoo," said Komarov. "They were simply looking for well-known sites that had many users […] According to our information, most of the group's clientele are spammers."
Komarov added that Group E has sold the Yahoo data to at least three different clients. One was a state-sponsored party who had an interest in exclusive database acquisition, and the other two were notable criminal gangs who planned to use it for spam campaigns. "We don't see any reason to say that it's state-sponsored. Their clients are state sponsored, but not the actual hackers," Komarov told the Wall Street Journal.
InfoArmor also believes that Group E was behind the high-profile hacks of LinkedIn, Tumblr, and Dropbox.