Sebastien Raoult, a 22-year-old individual from France, has pleaded guilty in the U.S. District Court of Seattle to charges related to his involvement with the ShinyHunters hacking group.
Operating under the alias ‘Sezyo Kaizen,’ Raoult was arrested in Morocco and subsequently extradited to the United States in January 2023. The charges against him include conspiracy to commit wire fraud and aggravated identity theft.
The ShinyHunters group, notorious for its cybercriminal activities, engaged in hacking corporate computers to pilfer sensitive corporate and customer data, which they then offered for sale on various dark web forums and marketplaces, as well as through Telegram channels.
According to the U.S. Department of Justice (DoJ), the collective damage caused by these activities surpassed $6,000,000, with records from hundreds of millions of individuals being compromised. The stolen data encompassed personally identifiable information and financial data.
Raoult’s guilty plea sheds light on the group’s tactics, including not only data theft but also extortion of breached firms, with some ransom payments reaching as high as $425,000. Additionally, they profited by cryptomining when breaching companies’ cloud computing providers, leaving the victimized companies to cover the computing costs.
Raoult’s plea agreement also revealed that the ShinyHunters hackers employed various techniques, such as creating phishing sites that imitated legitimate login pages, to compromise companies. They meticulously scoured stolen data for additional account credentials to gain further access.
As a result of his guilty plea, Sebastien Raoult faces a potential prison sentence of up to 27 years for wire fraud conspiracy, coupled with at least another two years for aggravated identity theft.
This case underscores the severity of cybercrimes and the legal consequences cybercriminals may face, particularly when involved in extensive and damaging activities such as those orchestrated by the ShinyHunters group.