Ukrainians crack network that stole 100m email, social accounts

Police in Kharkiv in northeastern Ukraine have announced the arrests of three cyber criminals who hacked into and appropriated the personal email and social media accounts, specifically Instagram accounts, of over 100 million internet users.

Ukrainian law enforcement searched seven properties of those involved in Kyiv, Odesa, Vinnytsia, Ivano-Frankivsk, and the Kyiv, Donetsk and Kirovohad regions, seizing 70 computers, 14 phones, bank cards and over $3,000 in cash.

The attackers, aged between 20 and 40, were identified by Kharkiv’s regional cyber police working alongside regional prosecutors and state police forces – although they lived in different parts of Ukraine, communicating with one another via the internet.

They used brute force methods, using automated methods to bombard targeted accounts with repeated weak password combinations until finding a match.

Once they had obtained their victims’ accounts, they acted as initial access brokers (IABs) and sold databases of hacked accounts on underground, dark web forums. According to operational information, their clients were mostly fraudsters who co-opted the accounts into various scams, such as asking contacts and followers for loans or emergency funds.

The Ukrainians said that some of the accounts may also have been used in the service of Russian intelligence goals.

Those arrested face up to 15 years in prison under Ukrainian laws covering unauthorised interference in IT and communications systems and networks.

Jamie Akhtar, CEO and co-founder at CyberSmart said: “Following the takedown of LockBit in February, this is another heartening story.  It demonstrates that cyber criminals can be caught and brought to justice. However, we shouldn’t rest on our laurels, for each of these groups that is shut down another will spring up in its place and those still at large will learn from how their peers were caught.

“We don’t say this to be defeatist. It’s simply a reminder that as cyber threats continue to evolve so too must our defences.”

Despite two years of war, Ukraine is effective on cyber crime

The arrests serve as a reminder that although the core of the financially-motivated cyber criminal underground is based in Russia, Ukraine has also historically harboured a good number of cyber criminal operators.

However, unlike Moscow, which permits cyber criminals to operate from its territory with impunity and will not extradite to the West, the authorities in Kyiv operate transparently and take such matters very seriously. As such, the Ukrainians have been consistently effective against cyber criminal operations, in spite of the impact of two years of war in the country.

Indeed, some of the more high-profile arrests of cyber criminals since Russia invaded Ukraine in 2022 have either taken place in Ukraine itself, or been made against Ukrainian nationals who were involved in cyber crime and were foolish enough to cross the border with the European Union (EU).

Notable anti-cyber crime operations to have taken place on Ukrainian soil include the June 2021 arrests of individuals associated with the Clop/Cl0p ransomware crew, a November 2023 action against people involved in the use of multiple ransomwares including LockerGoga, MegaCortex, Hive and Dharma, and this year, Operation Cronos, the multinational action against LockBit.

Exit mobile version