50 million login details collected by Russian hacking groups

November 29, 2022

Russian hacking groups have abused the Telegram platform, which allowed them to gather a whopping 50 million pieces of login information from users on Roblox, Amazon, and Steam.

According to researchers, numerous Russian-based threat groups are conducting an ongoing password-stealing operation that targets different organisations. Thirty-four confirmed groups currently use off-the-shelf information stealers to target unsuspecting users.

These Russian-speaking cybercriminal entities distribute info-stealing malware and offer it to other groups, especially amateurs, as a stealer-as-a-service. These threat actors primarily offer the Raccoon and Redline stealers to snatch passwords from Steam and Roblox gaming accounts.

The hackers also target users to steal PayPal and Amazon credentials, users’ payment records, and crypto wallet information. The attackers found their victims through Russian Telegram groups.


Russian hacking groups commonly apply impersonation tactics to trick targets.


Researchers explained that these Russian hacking groups impersonate well-known companies to deceive targets into downloading malicious files. They carry out this tactic by attaching compromised links containing malware.

These malware-laden links commonly redirect users to popular games’ video reviews on lotteries, lucky draws, and YouTube. If infostealer malware successfully infects a device, it can gather data from web browsers and transmit it to an attacker-controlled server.

These stolen troves of data could include social media passwords, cryptocurrency wallet details, gaming account credentials, email service credentials, and bank card details.

The groups have infiltrated nearly 900,000 user devices and stolen over 50 million passwords. Analysts have reviewed around 34 Telegram channels that the threat groups used to run their attacks and discovered that the infections spanned approximately 111 countries worldwide.

Each Russian cybercriminal gang has about 200 active members. The data stolen by the threat groups is dominated by PayPal and Amazon passwords, meaning that these platforms are the most targeted by the Russian groups.

Organisations, gamers, and ordinary users should always be vigilant when navigating the internet, since threats can appear anywhere. Cybersecurity experts suggest that links attached to emails, especially unwanted ones, should be avoided, as most actors use them as the primary tool for tricking victims.
