10 Million Stolen Middle East Usernames and Passwords for Sale on Darknet

The Kaspersky Digital Footprint Intelligence (DFI) team studied darknet ads and shadow marketplaces for the first half of 2024 to identify the main cyber threats to organizations and government agencies in the Middle East.

Kaspersky Lab reports that cybercriminals use infostealers to collect as much confidential data as possible from infected devices. Logins and passwords to accounts are in high demand. Kaspersky DFI experts found almost 10 million such combinations on the darknet, published in the first six months of 2024. These are mainly accounts of employees of various companies or users of services, including government ones, in Egypt, Saudi Arabia and the UAE.

The leaked data can be used to commit various fraudulent activities – from blackmail to targeted attacks. In the first half of 2024, attackers posted 125 corporate databases of Middle Eastern companies on the darknet and shadow forums. The countries with the largest number of leaks include Saudi Arabia, Iraq, and Egypt.

According to Kaspersky DFI experts, cyber groups organizing attacks using ransomware have become more organized and structured. In the first half of 2024, at least 19 such groups were active in the Middle East. The main countries of presence are the UAE and Saudi Arabia. The most active are Lockbit 3.0, Stormous, Rhysida, and Qilin. The most frequently attacked industries include government organizations, construction, and consulting companies.

Ideologically motivated hacktivist activity is gaining momentum. It is generally accepted that hacktivists most often carry out DDoS attacks. However, the activities of such attackers are now becoming increasingly destructive and leading to critical consequences – data leaks and compromise of individual organizations. Kaspersky DFI experts have identified more than 11 hacktivist movements and groups in the Middle East.

The key goal of initial access broker attackers is to find entry points into corporate networks. They are also resold to larger groups or attackers who have the capabilities and motivation to further develop the attack. Kaspersky DFI experts have found more than 40 advertisements on the darknet selling access to corporate systems in government, education, manufacturing, transportation, financial, medical organizations and enterprises of other industries in the Middle East.

“Attackers are not only improving existing methods, but also developing new tactics and tools. It is necessary to remain vigilant to protect corporate networks from threats from the darknet. The question is not whether an attack will happen, but rather when it will happen. “That’s why it’s important for organizations to be one step ahead of cybercriminals,” comments Vera Kholopova, an analyst at Kaspersky Digital Footprint Intelligence.

Leave a Reply

Your email address will not be published. Required fields are marked *