For the past seven to eight months, we have been constantly reading or listening to Russia’s negative involvement in cybersecurity. Now, the latest that has been published by Group-IB claims Moscow’s involvement in the password stealing of over 50 million users.
Yes, according to a report compiled after analyzing over 34 telegram groups’ involvement in cybercrime, researchers from Group-IB have confirmed the involvement of hacking groups linked to the Kremlin stealing 50m passwords from about 890,000 user devices. And the report affirmed that the siphoning off credentials reportedly occurred in the first 9 months of this year.
Group-IB claims that many of the hackers were active members taking part in organized crime and were involved in automated scam-as-a-service campaigns spreading malware and espionage-related tools.
One such campaign is seen operating by spreading embedded links into popular gaming and music videos on YouTube, where victims are scammed and diverted to websites that coax customers into downloading mining software or data-stealing malware.
FYI, most of the stolen credentials were related to PayPal and Amazon, and some were related to gaming and crypto wallet-service offering websites.
Group IB’s Digital Risk Protection Team claims that the value of the stolen data could be $6 million and is urging online users to follow basic cyber hygiene while crafting passwords and securing an account with multi-factor authentication.
NOTE– Better to craft a password that has a minimum of 14 characters. It must be an alpha-numeric mixture of characters and must include 2-3 special characters. Using a 2FA such as an OTP authentication makes complete sense in securing an account from hackers.