Ukraine Takes Down Hacker Group Selling Stolen Credentials to “Pro-Kremlin Propagandists”

The Ukrainian Security Service (USS) announced on Friday that they had “neutralized” a hacker group responsible for selling internet accounts belonging to citizens of Ukraine and across the European Union. In a press release, Ukrainian officials claimed that the data was sold on an “anonymous darknet platform” to “pro-Kremlin propagandists” who used the credentials to spread “fake news from the front and create panic.” The release did not state on which platform the data had been sold.

The group was operating at least partially within the country, with hard drives containing personal data of Ukrainians and computer equipment, mobile phones, SIM cards, and flash drives connected to “illegal activity” confiscated in a raid by law enforcement in Lviv. In all, an estimated 30 million accounts were sold by the hacking group who made a profit of close to 14 million UAH (approx. $380,000).

Inventory of items seized by the SSU from the hacking group. Source: ssu.gov.ua

“The goal of such manipulations was large-scale destabilization in countries,” according to the SSU press release, which added that “hacked accounts were allegedly used on behalf of ordinary people to spread disinformation about the socio-political situation in Ukraine and the EU.” The organizer of the hacking group is being charged with violating Part 1 of Art. 361-2 of Ukraine’s criminal code, which involves unauthorized sale or distribution of information with limited access stored in computing machines.

Ukraine has faced a myriad of significant cyber threats which were either found or believed to be emanating from Russia since mid-February and the onset of the Russia-Ukraine war. On Feb. 16, Ukrainian officials announced that they had detected “a trace of foreign intelligence services” linked to a wave of “unsophisticated cyberattacks” targeting ATMs and banks within the country. On June 28, Ukrainian cyber security experts foiled an attempt by Russian intelligence agencies to disrupt a tele-marathon on the eve of Ukraine’s day of independence.