Cybercriminals have released login credentials of over 40,000 accounts that were used in several government portals. These stolen credentials belong to a wide range of government agencies - varying from local government sites to state-level agencies.
According to Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team (CERT-IB), the stolen data includes usernames and passwords in plain text. This data was found online and belonged to government agencies across 30 countries.
“The scale and simplicity of government employees’ data compromise shows that users, due to their carelessness and lack of reliable cyber defense, fall victims to hackers,” Kalinin told SC Magazine.
These account details were collected over time with the help of several data-stealing malware such as Pony, AZORult and Qbot. Kalinin believes that the crooks behind the operation might have filtered the stolen accounts into separate packages for advertising and sales purposes.
More than half of the stolen accounts (52 percent) belonged to Italian government officials. This is followed by the accounts belonging to the Saudi Arabian government (22 percent) and the Portuguese government (5 percent).
The government portals compromised in the hack includes the ‘gov.pl’, ‘gov.ro’, ‘admin.ch’ and ‘government.bg’. The hackers also targeted websites for state-agencies belonging to the Italian Ministry of Defense, the Israeli Defense Force, the Ministry of Finance of Georgia, the Norwegian Directorate of Immigration, the Ministry of Foreign Affairs of Romania and the Ministry of Foreign Affairs of Italy.