Ukraine dismantles hacker gang that stole 30 million accounts

The cyber department of Ukraine's Security Service (SSU) has taken down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web.

The hackers used malware to obtain credentials and other sensitive data available on victim systems in Ukraine and the European Union.

The SSU says that the threat actor offered data packs, which were purchased in bulk by pro-Kremlin propagandists, who then used the accounts to spread fake news on social media, instill panic, and cause destabilization in Ukraine and other countries.

"According to preliminary data, the hackers sold approximately 30 million accounts and received a "profit" of almost UAH 14 million ($380,000)," the SSU informs.

They used anonymous dark web markets to sell this information and received payments via YuMoney, Qiwi, and WebMoney, which are prohibited in Ukraine.

During the raids on the perpetrators' homes in Lviv, Ukraine, the police found and confiscated several hard drives with stolen personal data along with computers, SIM cards, mobile phones, and flash drives.

The number of individuals arrested remains undisclosed but they are all facing criminal charges for unauthorized sale or distribution of information with limited access stored in computers and networks. These charges come with multi year prison sentences.

Distributing fake news about the war has turned into an epidemic in Ukraine, starting immediately after the initial stages of the Russian invasion. The deluge of both disinformation and misinformation continues still.

In March, the SSU dismantled five disinformation bot farms across the country, which used 100,000 fake social media accounts. In August, a massive bot farm counting one million bots, was discovered and taken down by Ukraine's police.

In September, the SSU found two more bot farms spreading fake news on social media through 7,000 accounts.

In many cases, bot farms are easier to spot but by using accounts of real individuals the chances for the operation to be uncovered are much lower because of the history of the posts and the organic activity.