Ukrainian law enforcement in the region of Kharkiv arrested 3 members of an organized criminal group that stole email and Instagram credentials from 100 million people around the world. The arrested members of the criminal group face up to 15 years in prison if convicted by Ukrainian courts.
In a press release, the Cyber Police of Ukraine said that they are investigating whether the criminals cooperated with Russia, “as stolen accounts, in particular, were used to conduct psyop (psychological operations) in the interests of the Russian Federation.”
Cyber Police raid in Ukraine reveals ongoing investigations
On March 19, officers of the Cyber Police Department of the National Police of Ukraine, along with tactical armed police, burst through the doors at 7 locations after executing knock-and-announce warrants.
Law enforcement agents searched a total of 7 residences linked to the criminal group in Kyiv, Odesa, Vinnytsia, and Ivano-Frankivsk, as well as the Donetsk and Kirovohrad regions.
In total, over 70 pieces of computer hardware, 14 phones, bank cards, and cash were seized during the orchestrated raids. Law enforcement has requested that all of the property be seized.
Preliminary examinations of the seized technology reveal that at least 100 million credentials, including usernames and passwords, had been stolen by the group. Further investigation could reveal a greater number of connections between the group and international cybercriminals, as well as Russian-supported cyber gangs.
Cyber Police ask Ukrainian courts to detain suspects
Members of the criminal group were raided under suspicion of violating several Ukrainian laws, including Part 3 of Art. 28 and Part 5 of Art. 361 of the Criminal Code of Ukraine: unauthorized interference in the work of information (automated), electronic communication, information and communication systems, and electronic communication networks.
These charges carry a sentence of up to 15 years in prison. However, if police investigations prove that the members of the criminal group collaborated with Russian agents or Russian-supported cybercriminals, the charges and prison time could be more severe.
Law enforcement officials requested that the court detain the suspects as a preventive measure due to concerns that they pose a public threat and potential flight risk.
Brute force attacks, scams, and international criminal networks
The investigation has revealed that the 3 individuals were engaged in an organized criminal enterprise, each having specific roles within the organization. The group was dedicated to stealing email and Instagram credentials, which they sold online on the dark web to criminal groups.
Despite living in different regions of Ukraine, the group communicated regularly with each other via the internet.
“The organizer distributed responsibilities among the performers, and the latter formed databases of hacked accounts and put them up for sale on the darknet,” the Cyber Police of Ukraine said.
The police have yet to reveal if the group included other operatives in the country or whether it was connected with international criminal partners or handlers.
The investigation revealed that the credentials the group sold were mostly bought by fraud-focused cybercriminal groups to launch fraud attacks, such as the “friend asks for a loan” scam. In this type of social engineering attack, hackers use breached Instagram or email accounts to contact family members, friends, or loved ones of those who have been hacked, impersonating them with urgent pleas for money, only to vanish after the money is sent.
The Cyber Police of Ukraine said that the group breached accounts using specialized brute force malware. Brute force malware is coded to input a significant number of commonly used passwords and combinations in very little time. This type of malware requires hardware with high processing power, as it runs automatically, testing millions of passwords in minutes until it finds the correct password.
At this time, it is unknown if the criminal group coded this malware themselves, if they bought it on the dark web, or if it was provided by another criminal group or individual.
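From the defender's side, the automated guessing described above shows up in authentication logs as a burst of failed logins against one account, sometimes ending in a success. The following is an added example, not part of the original article or the police statement; the log format, the 5-minute window and the 5-failure threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, account, source IP, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 alice 203.0.113.7 FAIL
2024-01-01T10:00:02 alice 203.0.113.7 FAIL
2024-01-01T10:00:04 alice 203.0.113.7 FAIL
2024-01-01T10:00:06 alice 203.0.113.7 FAIL
2024-01-01T10:00:08 alice 203.0.113.7 FAIL
2024-01-01T10:00:10 alice 203.0.113.7 FAIL
2024-01-01T10:00:12 alice 203.0.113.7 OK
2024-01-01T10:01:00 bob 198.51.100.4 FAIL
2024-01-01T10:09:00 bob 198.51.100.4 FAIL
2024-01-01T10:09:30 bob 198.51.100.4 OK
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                   # assumed failures per window before alerting


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, account, source_ip, timestamp, failures_in_window)."""
    recent = defaultdict(deque)  # account -> timestamps of recent failed logins
    flagged = set()              # accounts already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, account, ip, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        fails = recent[account]
        # Drop failures that have aged out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and account not in flagged:
                flagged.add(account)
                alerts.append(("brute_force_suspected", account, ip, ts_text, len(fails)))
        elif result == "OK":
            # A success right after a burst of failures suggests a guessed password.
            if len(fails) >= threshold:
                alerts.append(("success_after_brute_force", account, ip, ts_text, len(fails)))
            fails.clear()
            flagged.discard(account)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the sample, the account "bob" mistypes a password twice, minutes apart, and raises no alert, while "alice" triggers both alert kinds.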
How to protect your online accounts
Protecting email, social media, and other types of accounts against brute-force attacks is relatively straightforward.
Simply enabling 2-factor authentication or multi-factor authentication will prevent hackers from brute-forcing their way into your account. If possible, it is recommended that biometric authentication or passkeys be added to accounts. This will create an additional security layer, deterring criminals more effectively. Having strong passwords and not using the same password for every account is also recommended.
Regarding fraud scams, avoid engaging with strangers who contact you via email or social media, especially if they present you with a situation that is urgent in nature. Be cautious even if the message appears to come from a close friend, family member, or partner.