A threat actor stole the identities of recipients of the US Congressional Medal of Honor and used their personal data to purchase goods from American military exchanges.
According to a Secret Service search warrant application obtained by The Daily Beast, the identities of a third of the living holders of the US government's highest and most prestigious military decoration were stolen in the attack.
In the affidavit, Special Agent Matthew O'Neill writes the United States Secret Service "is currently investigating a matter in which the personally identifiable information (PII) of 22 of 75 living Congressional Medal of Honor recipients was used to create fraudulent lines of credit at the Army and Air Force Exchange Service (AAFES) in order to purchase items utilizing the newly created fraudulent lines of credit, all in violation of 18 U.S.C. § 1029 (access device fraud)."
AAFES is an agency of the US Department of Defense. It was founded in 1895 to provide quality merchandise and services to authorized customers at uniform low prices and to generate earnings to supplement funds for US Army and Air Force morale, welfare, and recreation programs.
Items purchased by the threat actor using the stolen identities included luxury watches and tens of thousands of dollars’ worth of Apple products. The fraudulently obtained goods were shipped to various commercial reshipping companies, including UNEOL Post, a commercial reshipper based in New Hampshire.
At least 5 reshippers received the purchases, all of which were eventually shipped to various addresses in Russia. In addition to using companies, the threat actor exploited individuals recruited through online ads.
"An individual re-shipper named Kiril Motorin, located in Gaithersburg, MD, advised that he became a re-shipper after responding to an employment advertisement on a website used by Russians living in the Washington, DC, area," wrote O'Neill.
"Motorin provided me e-mails, sent to him from maksim.zna@gmail.com, which provided Motorin instructions such as where to send the merchandise and on how Motorin would be paid for re-shipping the merchandise."
According to investigators, the threat actor netted $54,530.92 through approximately 50 separate fraudulent transactions.
The individuals whose personal information was stolen are not named in the affidavit, which was unsealed in December 2020.