The Silent Crow cybercriminal organisation has claimed responsibility for a data breach at Rosreestr, a Russian government agency that primarily handles land records and property.
The alleged attackers created a Telegram channel last month to claim the breach. To prove the legitimacy of its claims, the group publicly posted a database that contains Russian citizens’ names, dates of birth, addresses, phone numbers, email addresses, and individual insurance account numbers.
On the other hand, in a statement issued earlier this week, Rosreestr denied that its systems had been compromised but said it is investigating the hackers’ claims.
A Russian investigative journalist from a news outlet said they checked data from a dozen randomly selected entries in the leaked database and determined that all of the selected identities corresponded to actual citizens. Moreover, some people’s property addresses matched their home addresses.
The Silent Crow attack may simply be retaliation for a Russian cyberattack that targeted a Ukrainian database.
The purported Silent Crow attack on the Russian government agency happened weeks after a suspected Russian threat actor targeted hundreds of Ukrainian databases. These databases reportedly contained official information such as residents’ biometric details, business records, legal and court rulings, property ownership, real estate transactions, and tax returns.
The affected entity also temporarily restricted user access to the compromised registers to prevent citizens from accessing crucial services linked to their digital records. Still, it is unclear whether the claimed attack on Rosreestr is retaliation for the hacking of Ukraine’s state registries.
According to Russian investigative journalists, Silent Crow could be an alias for a more notorious hacker gang that prefers not to be associated with the incident. If this detail is factual, the scope of the leaked data might be vast and could inflict more widespread damage on the institution.
Furthermore, the hacking group has not indicated what it intends to do with the allegedly hacked material. The most probable next step for these hackers is to sell the data on the dark web or offer it directly to hacktivist groups that target the Russian government.
The group’s Telegram channel was closed shortly after it announced the theft, and as of now it is still a mystery where the material ended up. Lastly, the hackers emphasised in their last post that they were planning to execute another attack.