A white hat researcher discovered a pair of data breaches in which email and password credentials of government employees were dumped on Pastebin.
Hackers dumped almost 4,000 credentials gained during two separate breaches that contained credentials linked to U.S. and Ukrainian government employees.
The attackers breached a website affiliated with the Sovereign Order of Malta and another website that remains unidentified, but is mysteriously referred to in the data dump as “Annabelle.” The data, viewed by SCMagazine.com, was initially discovered by Red Cell Infosec CEO Dominique Davis.
“It seems that someone is targeting Ukrainian officials, but it was not clear what was breached,” Davis said. The “Annabelle” breach did not contain information that points the specific site that was breached – a fact that he calls “disturbing.” The breach may have involved a state server or a poodle porn server in Russia, he noted.
The cybercriminal who breached the Sovereign Order of Malta website goes by tag “hackermanfrisch” and Davis said he has collected enough information to identify the individual's real name and location.
The Sovereign Order of Malta data dump contained 1,786 login credentials in plaintext, unsalted and unhashed. It included information of government employees, including individuals with email addresses associated with the Centers for Disease Control and Prevention, a Department of Energy research center, and an employee of a local municipality in California.