A cybercriminal has just put the personal data of employees of eleven French institutions, including several pension funds, up for sale on a dark web black market. The ad was spotted by Zataz. The seller, a hacker believed to be from North Africa, is selling the information "from 10 to over 4,000 euros".
Highly sensitive data on the dark web
The price of the data obviously depends on the nature of the information. The hacker sells the data according to its strategic importance. For example, data on health or social security costs more than data from the education sector. The data includes email addresses, hashed passwords (i.e., passwords transformed into an unreadable string of characters for security reasons), postal addresses, and telephone numbers. Among the affected institutions are pension funds in Auvergne, central France, Aquitaine, and Brittany. The hacker also highlights "public health data" and "social security organization data." In all cases, this is particularly sensitive information, which places a target on the backs of all those involved. They could find themselves targeted by various scams, such as phishing attempts or identity theft. As Zataz points out, the hacker does not specify how he got his hands on the data held by the French institutions. It is unclear whether the cybercriminal took advantage of a vulnerability in the entities' servers or whether the data was stolen as part of a phishing campaign. It is also possible that the hacker simply combined several already compromised directories. In any case, sensitive data circulates in the criminal economy.
Data disseminated by another gang
According to the specialized blog, a cybercriminal gang, called Stormous, also disseminated "several hundred similar data". The group has become known for its increased data theft and ransomware attacks in recent years. Unsurprisingly, Zataz has alerted the ANSSI (National Agency for Information Systems Security) of the situation.
This new leak comes in a delicate context in France. Criminal markets are already overflowing with data on French people, following a multitude of cyberattacks. Recently, the tax data of two million taxpayers was dumped on the dark web, facilitating the work of criminals who orchestrate tax scams. This type of scam is currently exploding in France.
Source: Zataz
0 Comments