Posted on October 20, 2021 at 1:44 PM
The Argentine database that holds the information and IDs of its 45 million citizens was attacked by threat actors recently. However, in a swift move to prevent the promotion and distribution of the data, Twitter has taken action.
The social media giant suspended the Twitter accounts of those who allegedly broke into the database to steal the data.
Reports reveal that the stolen data includes names, government photo IDs, worker identification codes, citizen numbers, birthdays, and home addresses.
Details Of Famous Argentines Leaked
The hackers started leaking details of famous people in the database, including the details of Argentine football stars Sergio Aguero and Lionel Messi.
After the initial leak, the hackers, in a message to recordHackers, said they want to leak data of up to 2 million citizens. They advertised the data on the darknet to those who wish to buy.
The threat actors also said they were able to access the data because the employees were not careful enough.
Shortly after the news of the data leak went viral, the Argentine government issued a statement, stating that the National Registry of Persons was not hacked. The government added that threat actors accessed the digital identity system via the VPN of someone within the ministry. The government added that the threat actors infiltrated the database shortly before exposing the details of Lionel Messi.
A Monumental Hack
Many experts have ranked the recent hack as one of the biggest in recent history. Tony Pepper, Chief Executive Officer of cybersecurity firm Egress, said the hacking incident is “monumental.”
“The black market for stolen data is a big company,” he said, adding that threat actors are always looking for ways to steal data and make money off it.
The recent attack is a stark reminder of how ambitious these threat actors have become. They are now more sophisticated and can take the slightest opportunity to cause phenomenal loss to organizations and the government, Tony reiterated.
Millions At Risk Of Phishing Attacks
One of the devastating effects of this type of attack is the ripple effect it can have. Some of the victims may suffer more as the data could be used in multiple attacks in the future. Once their data is out there and in the hands of threat actors, they can also become victims of identity theft.
The citizens are now more exposed to several kinds of attacks, including spoofing scams and advanced phishing scams.
The Argentine National Registry of Persons (RENAPER) stated that it has informed authorities about the theft and an investigation has been launched.
It’s not clear when the actual theft of the data occurred. Initially, when the hackers were announcing their loot, they weren’t taken seriously. They first published the details of security personnel and soldiers through their Twitter account in September.
To show that they were not bluffing, the attackers published online the personal data of 44 other online celebrities. That was when they drew more attention.
A few days after the publication, the hackers offered to get the details of any Argentine. Some reports even stated that the hackers may already have the data of all 45 million Argentines, based on the hackers’ disposition.
Twitter Blocks Accounts Of The Russian Threat Group
In another development, Twitter has suspended the accounts of a North Korean hacking syndicate launching cyberattacks on security researchers. According to the company, the social media accounts, @shiftrows13 and @lagal1990, were suspended after posing as security researchers.
Adam Weidemann, an analyst at Google Threat Analysis Group (TAG), stated that the suspected threat group used zero-days to gain more followers and build their credibility.
Weidemann stated that the bogus Twitter accounts were discovered by researchers Javier Marcos and Francisco Alonso. He added that the hacking syndicate uses the blocked cluster of accounts to reach their targets, including popular security researchers.
“We (TAG) confirmed these are directly related to the cluster of accounts we blogged about earlier this year,” Weidemann added.
The campaign is believed to be the work of state-sponsored North Korean threat actors and has been tracked by Google’s TAG team.
In August, another account, @legal1990, was also suspended for the same reason. The threat group's activities have been monitored and tracked by the Google TAG team for the past year.
However, a notable finding of the campaign was made in January 2021 when the threat actors created a network of fake profiles across platforms such as GitHub, LinkedIn, Twitter, and Keybase.