The cyber department of Ukraine‘s Security Service (SSU) has dismantled a hacking group acting on behalf of Russian interests operating from Lviv, the largest city in western Ukraine.
The malicious group sold 30 million accounts belonging to residents from Ukraine and the European Union on the dark web accumulating a profit of $372,000 via banned electronic payment systems YuMoney, Qiwi, and WebMoney, in Ukraine.
As per the SSU’s press release, the hackers were pro-Kremlin propagandists who primarily targeted Ukrainian citizens and people in Europe to exfiltrate the private details of unsuspecting users.
The malicious actors exploited these accounts to spread chaos and panic in the region through disinformation campaigns and to encourage wide-scale destabilization in Ukraine through fake news.
“Their wholesale customers were pro-Kremlin propagandists. It was they who used the received identification data of Ukrainian and foreign citizens to spread fake news from the front and create panic. The goal of such manipulations was large-scale destabilization in countries,” the Security Service of Ukraine (SSU) stated. “It was also established that hacked accounts were allegedly used on behalf of ordinary people to spread disinformation about the socio-political situation in Ukraine and the EU.”
During the searches, the law enforcement agencies seized magnetic disks containing private data as well as computer equipment, mobile phones, SIM cards, and flash drives containing evidence of illegal activities from the searches carried out at the hackers’ homes.
“Currently, the organizer has been notified of the suspicion under Part 1 of Art. 361-2 (unauthorized sale or distribution of information with limited access, which is stored in electronic computing machines (computers), automated systems, computer networks or on media of such information) of the Criminal Code of Ukraine,” SSU concluded.
Ukrainian organizations facing the heat
Multiple hackers from across the globe have tried to capitalize on the ongoing conflict between Russia and Ukraine to launch a barrage of cyberattacks. Earlier this year in June, the malicious actors targeted the Ukrainian streaming service Oll.tv and replaced the broadcast of a football match between Ukraine and Wales with Russian propaganda.
One month later in July, the anonymous hacking group targeted Ukrainian radio operator TAVR Media to spread fake news that Ukrainian President Volodymyr Zelensky was hospitalized and in critical condition.
The hackers broadcasted reports that the Ukrainian President was in an intensive care ward and that his duties were being temporarily performed by the Chairman of the Ukrainian parliament Ruslan Stefanchuk, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) stated.