The holiday spirit was not lost on everyone as researchers at Kaspersky Labs came across what the company believes are some white hat hackers trying to recover stolen data.
Kaspersky's Ido Naor, writing on the company's SecureList blog, noted that while researchers were hunting around for info on a RAT malware called Hawkeye they found a gang who dubbed themselves Group Demostenes. These people were spending their time trawling for command-and-control servers run by cybercriminals and when one was detected, the group would exfiltrate the stolen data and then warn potential victims.
“When such a server was found, the group looked for a backdoor that would give them control over the file system,” Naor said. "They would then monitor the incoming, stolen data. Either manually or automatically, they would collect the stolen credentials and send emails to the victims' accounts."
The group may have named itself after the ancient Greek statesman Demosthenes who is known for saying “All speech is vain and empty unless it be accompanied by action.”
The form below, albeit porrly written, was sent to victims informing them that they had been compromised in some fashion, according to Kaspersky.