After the Yahoo data breach was found to be one of the largest in history, the company declared that a "state-sponsored" group was behind the attacks. However, given the nature of such investigations, it is difficult to support such statements with conclusive evidence, even for Yahoo.
The breach leaked information on roughly 500 million users, and Yahoo says the cyber attack took place in late 2014.
However serious the claims from the company, it is hard to confirm the identity or intentions of the professional black hats.
As everybody seems to be aware of the gravity of this intrusion, an FBI spokesman declared that they "take these types of breaches very seriously and will determine how this occurred and who is responsible. [They] will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals."
Now, a report from security company InfoArmor seems to bring some new details into the discussion.
The company seems to have partial access to the Yahoo database and has managed to decrypt eight passwords for Yahoo accounts, along with personal data such as phone numbers, ZIP codes and other associated information.
The hackers, who haven't yet been identified, are called "Group E" and sold the Yahoo database at least three times. One of the clients appears to have been a state-sponsored actor.
Andrew Komarov, chief intelligence officer at InfoArmor, said the black hats have a "significant criminal track record" and seem to be very active in the money-making business.
The breach is related to the LinkedIn case and Russian hackers, as the cybercriminal who published their leaked data for sale operated under the name tessa88. The man behind this account was also the first to mention that Yahoo account credentials had been leaked and were up for sale. According to InfoArmor, the man was a proxy between the men behind the data breach and potential buyers.
An account of the user tessa88 was made public by the security company, along with the explanation of the mediation. As it turns out from the data on his profile, the hacker doesn't seem to have too many details on the information he is selling. Another cyber actor, going by the name Peace_of_Mind, was found to have collaborated with tessa88 in the compromised data exchange.
InfoArmor says that following a conflict between the two partners, "the bad actors exfiltrated the data in segments which is supported by the fact that the database dump is divided into over a hundred equal parts, delivered in different files that are organized alphabetically by the name of user accounts."
Additional information places the Yahoo cyber attack as key to several other attacks targeting U.S. government personnel.
Photo: Johan Viirok | Flickr