Cybercriminals Seek to Profit From Russia-Ukraine Conflict

Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.

Since mid-January, cybercriminals have been advertising compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.

Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web both access to breached networks and databases that allegedly contained personally identifiable information (PII).

On February 2, an underground forum user was asking $160 for access to a subdomain of a Ukrainian agricultural exchange. The threat actor claimed to have shell and database access to the subdomain, as well as access to payment information and contracts.

That level of access, Accenture notes, allows an attacker to “obtain PII and payment card data, resell exfiltrated data, deploy malicious software such as ransomware, deface websites on the affected subdomain, or possibly even disrupt active exchanges and trades.”

Since late January 2022, threat actors have been offering five databases named “,” on a Tor website. The databases allegedly contain the personal information of Ukrainian citizens, allegedly harvested from Ukrainian government sites. As of February 10, two of the databases appear to have been sold.

Also in late January, an underground forum user shared a SQL database supposedly stolen from a Ukrainian federal agency, which allegedly contains detailed information on wanted criminals. According to another user, however, the data is publicly available on a Ukrainian government website.

On January 23, another forum user started offering for sale over 70 administrator accounts at a Ukrainian bank and advertised 220 email addresses along with alleged vulnerabilities in the systems of a Ukrainian energy sector investor. In other posts, the same user claimed to have discovered vulnerabilities at biotechnology companies, US banks, and UK telecommunications organizations.

On January 22, an underground forum user started advertising personal information of Ukrainian citizens and also provided a link for interested buyers to download a sample of the data, as proof of legitimacy.

Some of these threat actors appear to have high credibility, being endorsed by other users on the same underground forums, which suggests that some of these claims might be legitimate. Others, however, do not have the same level of feedback, making it difficult for security researchers to assess the credibility of their claims.

“Nation-state actors could purchase and leverage network access to critical infrastructure organizations, such as telecommunications or energy organizations, as well as banks. They could use the accesses with asymmetrical tactics to cause disruptions, including depriving users of interconnectivity, energy, or financial transactions, if timed correctly,” Accenture notes in its report.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
