Over 40,000 credentials for accounts on government portals around the world have been leaked online and are most likely up for sale on the dark web.
Russian security firm Group-IB said usernames and cleartext passwords were available for various local and national government entities across more than 30 countries.
It’s not clear exactly how they were discovered, although the firm claims readily available keyloggers and info-stealing malware enabled the hackers responsible to harvest the info over time. It’s thought they may be part of an even bigger trove of sensitive data which has been refined for sale.
Hundreds of accounts on the websites of the US Senate, the Internal Revenue Service, the Department of Homeland Security and NASA were among those affected, according to Bloomberg.
Also hit were portals of the Israel Defense Forces, the Italian defense and foreign ministries, and Norway’s Directorate of Immigration, as well as government sites in France, Poland, Romania, Switzerland and Georgia.
Over half (52%) of victims were in Italy, followed by Saudi Arabia (22%).
Attacks in the US reportedly took place in the past year while other countries have been targeted since June 2017.
Aware of the potentially serious national security implications of the leak, Group-IB has informed the authorities in the relevant countries.
Andrea Carcano, co-founder of Nozomi Networks, claimed the attackers likely used phishing attacks to spread the info-stealing malware.
“It is therefore extremely important that government organizations dedicate time and resources into training employees not to click on links, attachments and fraudulent emails that are professionally manufactured to target specific individuals,” he added.
“While it is unclear how much data the compromised login details will provide attackers, the governments affected should still try to do everything possible to limit their access. The first step would be to update login and password information for employees affected.”