Europol, French, UK, and Thai police arrested eight people they suspect of being involved with, or part of, a notorious hacker group known as Rex Mundi (Latin for "King of the World").

The group has been active since at least 2012. Its modus operandi revolved around hacking into companies' networks, stealing private information, and later contacting the victims to request the payment of a ransom fee.

Hackers demanded fees for not disclosing the hacks, but sometimes also asked for higher sums of money for revealing the security flaw they used to enter the victim's network.

Group left a trail of hacked firms in its wake

While the date the group formed is unknown, the earliest reports of Rex Mundi hacks go back to the summer of 2012.

In the early 2010s, when hacker groups like Anonymous or LulzSec were a bit more brash about their hacks, Rex Mundi often bragged about their recent victims, announcing hacks on Twitter, and often dumping data when companies didn't pay.

According to a trail of hacks documented on Softpedia's Security News section, past victims included, in chronological order, AmeriCash Advance, Webassur, Drake International, Buy Way, Hoststar, Websolutions.it, Numericable, Habeas, AlfaNet, Domino's Pizza, and Banque Cantonale de Geneve (BCGE).

But as law enforcement started arresting hackers and hacktivists left and right, the group changed its modus operandi and eventually went underground. Rex Mundi abandoned its flashy mode of operation and continued to work in the shadows, without announcing its hacks online or to reporters, and without leaking data when companies failed to pay.

One hack goes bad

The group continued to operate until last year, according to Europol. The hack that undid them targeted a British-based firm, whose network they had breached and stolen data from, and which they later attempted to extort.

Days after this hack, Rex Mundi contacted the company via telephone and requested their usual ransom. According to Europol, a French-speaking person demanded payments in Bitcoin equivalent to €580,000 ($675,000) for not disclosing the hack and €825,000 ($960,000) for also revealing how they broke in. For each day the company failed to respond, Rex Mundi would add another €210,000 ($245,000) on top of the ransom fee.

These sums are far from the initial ransom demands of $5,000 - $10,000 the group used to make in the early 2010s.

The British company declined to pay, and instead contacted authorities. Information gathered by UK police led to the arrest of five French nationals a month later, in June 2017.

One of these persons, the leader, admitted his role in the extortion scheme, while also revealing that the group didn't do any of the hacking itself but hired hackers on the Dark Web to do it instead.

French police arrested two of these hackers in October 2017, and Thai police arrested a third in May 2018, effectively putting an end to one of the longer-lasting hacking groups of this decade.
