Kelvin Security has been active since 2013, targeting public-facing systems to obtain user credentials and steal confidential data, which they would sell or leak on hacking forums.