An international hacking group might have targeted a North Texas business this week.
A Dallas-based online gaming company says the group spoofed its email address and then used it to send a series of threats to schools in California.
The group behind all of it calls itself “Apophis Squad.” It's claimed responsibility on Twitter for the threats. A North Texas man who runs a gaming company is now stuck in the center of it all. He says the threats haven't stopped.
When schools in parts of California were shut down on Monday and security was posted outside, it was because of emails saying "I am coming to school with 3 bombs, and a .22 handgun" sent to an area superintendent.
When the superintendent replied to the threat, the response came back to Hunter Frishman's computer in Collin County because it was sent from an email address tied to his company, Zonix.
“I was just in shock,” he said. “Didn't really know how to feel.”
Frishman runs Zonix, which provides servers and other services for people who play Minecraft.
On Sunday night just minutes before the threats were sent to the schools in California, Frishman had received demands through his company's messaging service. He says the person making the demands claimed to be from Apophis Squad, a group that previously claimed responsibility for hoax threats to 400 schools in the UK.
“One of the people from the group came and asked me to give them something in return. But they already were going to do it anyway so we didn't give in to it,” Frishman said. “I didn't know what to believe because I didn't know if this guy was acting to be them or if he was actually them.”
Frishman says hoax threats went out to California schools five minutes later. Other email addresses were spoofed to seem as if it came from Zonix. He called police and eventually got in touch with other law enforcement agencies around the country.
At this time, it's unclear if law enforcement in the U.S. or abroad has anyone in custody for the hoax threats, but Frishman says the hackers vowed to keep up the attacks as recently as Tuesday.
“They also said to me personally that they're not done and they are going to continue doing attacks,” Frishman said.
The Twitter account the group used to claim responsibility for the attack is now suspended. A new account has been created that also claims to be the group and vows that there will be more attacks in the U.S. and U.K. on Monday. The account says this one won't just be an email attack.