A newly established hacktivist group called “Five Families” has taken responsibility for a cyber attack on computer hardware accessories manufacturer Biostar. The company, which is based in Taiwan and has a global presence, experienced a breach in its cybersecurity defenses, leading to the unauthorized access to sensitive data belonging to both customers and employees. While the attack has not been officially confirmed by Biostar, the hacktivist group made a public announcement on the messaging platform Telegram, claiming responsibility for the breach.
The announcement by Five Families on Telegram was shared by the Threat Intelligence platform Falcon Feeds, who also provided a screenshot of the message. In their post, the hacktivist collective mocked the cybersecurity infrastructure of Biostar and criticized the company’s web developers for not implementing adequate security measures. They also mentioned the involvement of another cybercriminal group, GhostSec, in the attack.
The post on Telegram included two links, one for downloading the exfiltrated data from the Biostar cyber attack and another for the password to access the data. Falcon Feeds reported that the post had received 1.9k views at the time of their reporting on the security breach. Meanwhile, the website of Biostar remained accessible when checked by The Cyber Express, a cybersecurity news outlet.
Five Families is a newly formed group that consists of leaders from five different cybercriminal groups, namely ThreatSec, GhostSec, SiegedSec, Stormous, and Blackforums. The group was established in August 2023 with the aim of better unity and connections within the underground hacking community. This collective has been involved in launching multiple cyber attacks, including the recent one against Alpha Automation, a Brazil-based company.
In a separate announcement on Telegram, a member from the group SiegedSec, known as Vio or YourAnonWolf, declared their departure from the Five Families. They expressed their desire to focus on real-life matters instead of hacking, although they stated their intention to remain within the hacking community but without affiliating with any specific group.
It is worth noting that many hackers, including those arrested, are often found to be teenagers. One example is Arion Kurtaj from the Lapsus group, who was charged with various crimes including blackmail, fraud, and computer misuse. Despite his advanced hacking skills, Kurtaj was assessed as unfit for trial by a team of psychiatrists. He was also reported to have recruited insiders to gain access to organizations’ systems.
The Cyber Express would like to emphasize that this report is based on internal and external research, and users should exercise caution when relying on this information. The accuracy and consequences of using this information are the full responsibility of the users. The Cyber Express assumes no liability for any inaccuracies or outcomes resulting from the use of this information.