Ukrainian Cyber Police have arrested three individuals suspected of hacking millions of email and Instagram accounts for sale on the dark web. The Ukrainian hackers were detained after a coordinated law enforcement operation involving the country’s Cyber Police and investigators from the National Police under guidance from the Kharkiv Regional Prosecutor’s Office.
During the operation, Ukrainian Cyber Police in the Kharkiv region conducted seven searches in Kyiv, Odesa, Vinnytsia, Ivano-Frankivsk, Donetsk, and Kirovohrad. They seized 70 pieces of computer equipment, 14 phones, bank cards, and cash, totaling about $3,000.
The suspects were charged with disrupting information systems, which carries severe prison sentences under Ukrainian law, with possible additional charges for collaborating with Russia.
Ukrainian hackers compromised 100 million Instagram accounts via brute-force attacks
The suspects, aged between 20 and 40, were accused of hijacking over 100 million emails and Instagram accounts using brute force attacks to compromise accounts that usually lacked multi-factor authentication (MFA).
Brute force attacks leverage trial and error techniques, usually involving automated scripts to guess correct passwords.
Subsequently, the law enforcement agency encouraged account owners to enable two-factor authentication to protect their accounts against attacks leveraging weak or compromised passwords.
“You can protect your account from this method of hacking by setting up two-factor authentication and using strong passwords,” UA Cyber Police said.
“Cybercriminals are often opportunistic, seeking the path of least resistance,” said Emily Phelps, Director of Cyware. “Strong passphrases and multifactor authentication cannot be considered optional extras but fundamental requirements to defend against cyberthreats. The coordination behind such illicit activities emphasizes the need for continuous vigilance, collaboration, and advanced cybersecurity solutions.”
The Ukrainian hackers sold most of the compromised accounts on the dark web to fraudsters who used them to conduct “Friend Asks for a Loan” scams. The scheme involves scammers impersonating the victim and requesting friends, contacts, and acquaintances on social media to urgently transfer funds to cards or accounts under the fraudsters’ control.
Ukrainian hackers facing up to 15 years in prison
The detained Ukrainian hackers were charged with unauthorized interference in information systems and networks and could face up to 15 years in prison, according to Ukrainian law.
Investigators also suspect potential collaboration with foreign entities where some select accounts were used for PSYOPS to advance Russian interests. The detained Ukrainian hackers could face additional charges if the ongoing investigation discovers evidence of collaboration with Russia.
Since February 2022, when Russia launched the full-scale invasion of Ukraine, the two neighboring countries have traded kinetic strikes and cyber attacks as part of a broader geopolitical conflict. Russia also stepped up disinformation on social media using fake profiles, underscoring the threat posed by mass-hacked accounts.
Meanwhile, Cyber Police UA has disclosed that the hacking operation was highly coordinated, bearing the hallmarks of organized crime. According to the press release, the group leader distributed tasks to other members while others maintained a database of stolen accounts and listed them for sale on the dark web.
“The organizer distributed responsibilities among the performers, and the latter formed databases of hacked accounts and put them up for sale on the darknet,” the Ukrainian Cyber Police said.
Although the detained Ukrainian hackers lived in different parts of the country, they communicated via the Internet to coordinate their cybercrime activities.
Little is known about the operation, but Ukrainian Cyber Police said investigations are still in progress, and more details will be available soon. However, preliminary results show the operation was active for at least a year and targeted users in all countries worldwide.
“It was preliminarily established that during the year of criminal activity, members of the group formed databases of stolen accounts of more than 100 million Internet users from all over the world,” the Ukrainian Cyber Police said.
Analysis of the 70 computers seized during the operation will also yield more details on the Ukrainian hackers’ activities, including their toolset, tactics, and if and how they collaborated with Russia.
The arrests occurred barely a month after Ukrainian authorities detained a father and son, whose suspected LockBit-affiliated activities disrupted businesses, including healthcare, across France.
