Ukrainian Security Service Shuts Down Kremlin-Affiliated Cybercrime Group

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Weeks after Ukrainian authorities shut down two bot farms, used to spread disinformation, the Security Service of Ukraine (SSU) said it shut down another cybercrime operation that allegedly acted on behalf of the Kremlin.

Ukraine-based cybercriminals allegedly hacked victims’ social media accounts in the EU and Ukraine before selling them to ‘wholesale’ pro-Kremlin propagandists.

According to the SSU, the buyers “used the received identification data of Ukrainian and foreign citizens to spread fake ‘news’ from the front and sow panic.

“The purpose of such manipulations was large-scale destabilization in multiple countries,” the agency added in its press release last week.

While the suspects haven’t yet been identified by name, the SSU said the hackers sold the access credentials to the accounts on the dark web. From this sale, the threat actors made around UAH 14 million (USD $326,000) through electronic payment systems like YooMoney, Qiwi and WebMoney, which are all banned in Ukraine.

The hackers also allegedly took control of approximately 30 million accounts.

“The investigation established that the hacked accounts were used supposedly on behalf of ordinary people to spread disinformation about the socio-political situation in Ukraine and the EU,” the SSU said.

Additionally, the Lviv-based threat actors allegedly “installed specialized computer equipment at their homes and broke into other people’s accounts using malicious software.”

Law enforcement found ”hard magnetic disks” containing citizens’ personal data, along with  computer equipment, mobile phones, SIM cards, and flash drives which included  “evidence of unlawful activity.”

The SSU didn’t disclose the names or numbers of the crew members busted in the operation and instead added that “the investigation is ongoing.”

Earlier this month, the SSU’s cyber department shut down two bot farms in Kyiv and Odesa. This “bot army” of around 7,000 accounts was deployed in order to spread harmful disinformation aimed at destabilizing Ukraine, discrediting Ukrainian defense forces, and justifying Russia’s invasion.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.