Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Russian Hackers Target Ukrainians' Personal Data, Says Kyiv

Hackers Are Targeting Ukrainian Insurance Companies for Their Personal Information
Russian Hackers Target Ukrainians' Personal Data, Says Kyiv
Ukrainian police say the Russian army shelled these Donetsk apartment buildings on April 15, 2023. (Image: Donetsk Region Police)

Ukraine's top cybersecurity agency says Russian hackers took a sudden interest in obtaining personal data and mounted successful attacks against more than one-third of the country's largest insurers.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

In a monthly update on hacking activity, the State Service of Special Communications and Information Protection said it doesn't know the reason for the hackers' enthusiasm about personal data. Possibilities include psychological influence campaigns, blackmail or physical threats to those living in Russian-controlled areas.

Stolen data includes contacts, addresses, employer, vehicle data and other personal information.

During the first months of Russia's war of conquest against its European neighbor, The Associated Press reported on Russian hackers' in Ukrainian personal data. Hackers raided a national database of car insurance policies just weeks before the February 2022 invasion, the news wire reported. They also breached the Ministry of Internal Affairs. "The idea was to kill or imprison these people at the early stages of occupation,” Victor Zhora, a senior Ukrainian cyber defense official, told the AP.

Ukrainians who hold insurance policies, the SSSCIP wrote, tend to be in the top half of income earners, often in roles that are essential to the economy. "That is why such leaks jeopardize Ukraine's national security." The report says the stolen data could end up for sale on the dark web.

The SSSCIP attributes the attack to hacktivists, although Ukrainian cybersecurity officials are skeptical that genuine hacktivists exist in Russia.

Researchers from threat intel firm Mandiant earlier this year assessed with "moderate confidence" that some but not all Russian hacktivist groups coordinate operations such as distributed denial-of-service attacks with Kremlin intelligence. A U.K. government minister recently warned that nuisance Russian hackers have ambitions to launch destructive attacks (see: Russian Hacktivists Aspire to Attack Critical Infrastructure).

The agency also reiterated warnings against downloading pirate versions of software, saying that Russian hackers are distributing spyware-laden versions of applications on Ukraine-hosted torrents.

In late 2022, Mandiant reported on an operation focused on the Ukrainian government through Trojanized Windows 10 installers. The poisoned software was available on popular Ukrainian torrent tracker Toloka and the Russian tracker Rutracker. Mandiant attributed the operation to a hacking group it tracks as UNC4166.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.