Russian Hackers Target Ukrainians' Personal Data, Says Kyiv
Hackers Are Targeting Ukrainian Insurance Companies for Their Personal Information
Ukraine's top cybersecurity agency says Russian hackers took a sudden interest in obtaining personal data and mounted successful attacks against more than one-third of the country's largest insurers.
In a monthly update on hacking activity, the State Service of Special Communications and Information Protection said it doesn't know the reason for the hackers' enthusiasm about personal data. Possibilities include psychological influence campaigns, blackmail or physical threats to those living in Russian-controlled areas.
Stolen data includes contacts, addresses, employer, vehicle data and other personal information.
During the first months of Russia's war of conquest against its European neighbor, The Associated Press reported on Russian hackers' interest in Ukrainian personal data. Hackers raided a national database of car insurance policies just weeks before the February 2022 invasion, the news wire reported. They also breached the Ministry of Internal Affairs. "The idea was to kill or imprison these people at the early stages of occupation," Victor Zhora, a senior Ukrainian cyber defense official, told the AP.
Ukrainians who hold insurance policies, the SSSCIP wrote, tend to be in the top half of income earners, often in roles that are essential to the economy. "That is why such leaks jeopardize Ukraine's national security." The report says the stolen data could end up for sale on the dark web.
The SSSCIP attributes the attack to hacktivists, although Ukrainian cybersecurity officials are skeptical that genuine hacktivists exist in Russia.
Researchers from threat intel firm Mandiant earlier this year assessed with "moderate confidence" that some but not all Russian hacktivist groups coordinate operations such as distributed denial-of-service attacks with Kremlin intelligence. A U.K. government minister recently warned that nuisance Russian hackers have ambitions to launch destructive attacks (see: Russian Hacktivists Aspire to Attack Critical Infrastructure).
The agency also reiterated warnings against downloading pirate versions of software, saying that Russian hackers are distributing spyware-laden versions of applications on Ukraine-hosted torrents.
In late 2022, Mandiant reported on an operation focused on the Ukrainian government through Trojanized Windows 10 installers. The poisoned software was available on popular Ukrainian torrent tracker Toloka and the Russian tracker Rutracker. Mandiant attributed the operation to a hacking group it tracks as UNC4166.