{
	"id": "e6ed968d-53f1-44c5-a1eb-b48d7ae3b0ba",
	"created_at": "2026-04-06T15:52:11.421108Z",
	"updated_at": "2026-04-10T03:34:59.562212Z",
	"deleted_at": null,
	"sha1_hash": "736a23df10518e79480e929cf3a4c78084aa3fa5",
	"title": "Alleged French cybercriminal to appear in Seattle on indictment for conspiracy, computer intrusion, wire fraud and aggravated identity theft",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40027,
	"plain_text": "Alleged French cybercriminal to appear in Seattle on indictment\r\nfor conspiracy, computer intrusion, wire fraud and aggravated\r\nidentity theft\r\nPublished: 2023-01-26 · Archived: 2026-04-06 15:31:58 UTC\r\nSeattle – A 21-year-old French citizen from Epinal, France, will appear tomorrow January 27, 2023, in U.S.\r\nDistrict Court in Seattle on a nine-count indictment alleging conspiracy to commit computer fraud and abuse,\r\nconspiracy to commit wire fraud, four counts of wire fraud and three counts of aggravated identity theft,\r\nannounced U.S. Attorney Nick Brown.  Sebastien Raoult aka Sezyo Kaizen, was arrested last year in Morocco and\r\nwas extradited to the U.S. this week.  Raoult and two co-conspirators were indicted by a grand jury sitting in the\r\nWestern District of Washington on June 23, 2021.  Raoult’s initial appearance will be at 2:00 PM in front of\r\nMagistrate Judge Michelle L. Peterson\r\n“Too many bad actors believe they can illegally access proprietary information and personal financial information\r\nby hiding behind a keyboard,” said U.S. Attorney Nick Brown. “FBI Seattle Cyber Task Force and our\r\nexperienced cyber unit is working diligently to identify, arrest, and prosecute those who seek to victimize people,\r\nbusinesses, and industries in the Western District of Washington and around the world.”\r\nAccording to the indictment, Raoult was a participant in a hacking group that dubbed itself the “ShinyHunters.” \r\nThe conspirators allegedly hacked into protected computers of corporate entities for the theft of proprietary and\r\ncorporate information.  The group advertised sensitive stolen data for sale and sometimes threatened to leak or sell\r\nstolen sensitive files if the victim did not pay a ransom.  Since early 2020, ShinyHunters Group has marketed and\r\npromoted data stolen from more than 60 companies in Washington State and elsewhere around the world.\r\nAccording to the indictment, the conspirators created websites that appeared to be login pages belonging to\r\nlegitimate businesses.  The conspirators allegedly sent phishing emails to company employees that were designed\r\nto look like they came from legitimate businesses and contained links to those login pages.  When victims\r\nprovided their account sign-on credentials on those login pages, the conspirators obtained the victims’ credentials. \r\nUsing the stolen credentials, the conspirators allegedly accessed protected computers with companies’ data. \r\nThe ShinyHunters maintained accounts on various dark web sites where they advertised stolen data for sale,\r\nincluding customer databases with personal and financial information.  The conspirators also used social media\r\naccounts to direct potential buyers to the dark web marketplaces to purchase stolen data.  Sometimes the\r\nconspirators alerted the media to their hacking or posted images on a victim website claiming credit for hacking\r\nthe company. \r\nSome of the victims of the ShinyHunters hacking were located in the Western District of Washington but others\r\nwere located around the world.  The victims range from tech companies, to an international stock trading\r\ncompany, to an apparel company, and a nutrition and fitness company.  Millions of customer records were\r\nincluded in the stolen data.\r\nhttps://www.justice.gov/usao-wdwa/pr/alleged-french-cybercriminal-appear-seattle-indictment-conspiracy-computer-intrusion\r\nPage 1 of 2\n\nIn addition to the conspiracy counts, the wire fraud counts correspond to particular malicious emails to entities in\r\nthe State of Washington and other transmissions involving the State of Washington.  The three identity theft counts\r\nare for the use of other people’s log-in credentials to access victim company data.\r\nIn addition to Raoult, the indictment charges 23-year-old Gabriel Kimiaie-Asadi Bildstein aka “Kuroi” and\r\n“Gnostic Players,” of Tarbes, France, and 22-year-old Abdel-Hakim El Ahmadi aka “Zac” and “Jordan Keso” of\r\nLyon, France.\r\nThe conspiracy to commit computer fraud and abuse charge is punishable by a maximum of ten years in prison. \r\nThe conspiracy to commit wire fraud count is punishable by a maximum of 27 years in prison.  Wire fraud is\r\npunishable by a maximum of 20 years in prison.  Aggravated identity theft is punishable by a mandatory minimum\r\ntwo-year prison term to follow any other prison sentence imposed in the case.\r\nThe charges contained in the indictment are only allegations.  A person is presumed innocent unless and until he or\r\nshe is proven guilty beyond a reasonable doubt in a court of law.\r\nThe case is being investigated by the FBI Seattle Cyber Task Force.  The case is being prosecuted by Assistant\r\nUnited States Attorney Miriam Hinman.  DOJ’s Office of International Affairs is providing substantial assistance.\r\n The Department of Justice also appreciates the significant cooperation and assistance provided by Moroccan and\r\nFrench authorities.\r\nSource: https://www.justice.gov/usao-wdwa/pr/alleged-french-cybercriminal-appear-seattle-indictment-conspiracy-computer-intrusion\r\nhttps://www.justice.gov/usao-wdwa/pr/alleged-french-cybercriminal-appear-seattle-indictment-conspiracy-computer-intrusion\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.justice.gov/usao-wdwa/pr/alleged-french-cybercriminal-appear-seattle-indictment-conspiracy-computer-intrusion"
	],
	"report_names": [
		"alleged-french-cybercriminal-appear-seattle-indictment-conspiracy-computer-intrusion"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775490731,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/736a23df10518e79480e929cf3a4c78084aa3fa5.pdf",
		"text": "https://archive.orkl.eu/736a23df10518e79480e929cf3a4c78084aa3fa5.txt",
		"img": "https://archive.orkl.eu/736a23df10518e79480e929cf3a4c78084aa3fa5.jpg"
	}
}