Three individuals stand accused of leading a large-scale hacking operation targeting email and Instagram accounts, potentially involving over 100 million users worldwide.
Ukrainian law enforcement officials, in collaboration with investigators from the Kharkiv region, apprehended three suspects – aged 20 to 40 – believed to be responsible for hacking email and Instagram accounts.
The investigation revealed the group’s modus operandi involved using a “brute force” method, employing software to try a massive number of password combinations until successful.
Authorities emphasize the importance of two-factor authentication and strong passwords to safeguard against such attacks.
The investigation suggests the group operated for at least a year, accumulating a database containing over 100 million stolen accounts from users across the globe.
This information will be meticulously analyzed as the investigation unfolds. Operating from different regions within Ukraine, the group allegedly coordinated online.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
The suspected ringleader assigned tasks to members who compiled hacked account databases and sold them on the darknet – a hidden part of the internet often used for illegal activities.
Suspected Clients And Motive:
According to intelligence, the primary clients for these compromised accounts were likely fraudulent groups operating in the darknet.
These groups might have purchased stolen accounts for various scams, potentially involving schemes like “Friend Asks for Debt.”
Law enforcement conducted searches at seven locations across Ukraine, seizing over 70 computer devices, 14 phones, bank cards, and cash exceeding $3,000. A court petition for the seized property has been submitted.
The three suspects face potential charges under Article 28.3 and 361.5 of the Ukrainian Criminal Code, pertaining to unauthorized access to computer systems and electronic communications.
Conviction could lead to a maximum sentence of 15 years imprisonment. Authorities are seeking pre-trial detention for the suspects.
Possible Collaboration With Russia:
Investigators are probing a possible connection between the accused and Russian agents.
The investigation suspects the stolen accounts may have been used for “information warfare operations” supporting Russia.
The investigation remains active, with the possibility of additional charges based on future findings.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.