Julius “Zeekill” Kivimäki, a 25-year-old Finnish man who was apprehended on Friday by French police, is suspected of breaching the patient records of more than 33,000 psychotherapy clients and leaking therapy notes for more than 22,000 patients online in Finland.
Zeekill, who has been convicted of committing tens of thousands of cybercrimes, is a well-known cyber-criminal. According to Finland's National Bureau of Investigation, he had been running from police since October 2022, when he failed to show up in court and Finland issued an international arrest warrant for him.
According to officials, in late October 2022, Kivimäki was charged and arrested in absentia for attempting to extort money from the Vastaamo Psychotherapy Center.
The NBI announced in November that the Helsinki District Court remanded Kivimäki in absentia last October and he was also added to Europol's "most wanted" list.
However, he denied being involved in Vastaamo's data breach.
Additionally, the National Bureau of Investigation (NBI) said that Finnish officials are working closely with their French counterparts on Kivimäki's extradition.
The Vastaamo breach was a major data breach that took place in November 2018 and March 2019, in which the sensitive credentials of around 30,000 patients were compromised; money was then extorted from the victim organization as well as its clients.
However, when Vastaamo refused to pay the ransom, the threat actor started sending emails to targeted individuals, threatening to publish their therapy notes unless a ransom of 500 euros was paid. Nevertheless, the hacker had little success.
“Among those who grabbed a copy of the database was Antti Kurittu, a team lead at Nixu Corporation and a former criminal investigator. In 2013, Kurittu worked on an investigation involving Kivimäki’s use of the Zbot botnet, among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP)...,” Kurittu said. “…It was a huge opsec [operational security] fail, because they had a lot of stuff in there — including the user’s private SSH folder and a lot of known hosts that we could take a very good look at,” he said, declining to discuss specifics of the evidence investigators seized. “There were also other projects and databases.”