A violent gang has been using information culled from hacked U-Haul employee accounts to target victims for hacking and doxing, according to a new report from 404 Media. The gang in question, known as Com, has been connected to a broad variety of crimes, including hacking, burglary, and home invasion.
Com is a loose affiliation of criminals who meet and communicate using Telegram and Discord. 404 previously reported on the gang’s activities. Now, the outlet has discovered one of the chief ways the criminals find data on potential hacking targets: compromised U-Haul employee accounts. These hacked employee accounts allow gang members to find data on U-Haul customers, who are potential targets for doxxing and data theft. The data connected to users’ U-Haul accounts can be used to create social engineering schemes that Com members can weaponize to hack users’ more important accounts (such as social media or ISP accounts).
404 discovered the gang’s U-Haul method by speaking to a cybercriminal who sells phishing software that is used to hijack U-Haul employees’ company accounts. 404 quotes a web user known as Pontifex, who is the administrator of a phishing tool called Suite. Suite can be used by cybercriminals to phish corporate employee login pages, thus delivering them access to corporate networks. “U-Haul has lots of information, it can be used for all sorts of stuff,” Pontifex told the outlet. “One of the primary cases is for doxing targs [targets] since they [seem] to have information not found online and ofc U-Haul has confirmed this info with the person prior.”
404 implies a potential connection between the multiple hacking episodes that U-Haul has suffered in recent years, and the cyber-criminal activity targeting employee accounts. Last February, the company suffered a data breach in which some 67,000 customers’ information was impacted. The information that was involved included data points like driver’s license information and other “card numbers.” The company was also hacked in 2022.
Gizmodo reached out to U-Haul for comment. The company did not respond to 404 Media’s requests for comment.
Hackers will generally use any data they can get their hands on to further their schemes. The more interesting trend that Com seems to signify is the growth of cyber-physical partnerships between digital criminals and on-the-ground criminals. A recent report showed that cryptocurrency hackers had partnered with teams of home invaders, who would break into known crypto-owners’ homes, beat and threaten them, and then retrieve the victim’s crypto wallet, allowing their accounts to be drained of funds. The criminals would then split the proceeds amongst themselves.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25822235/IMG_1601.jpeg)
English (US) ·