What Do Hackers Do with Stolen Data

by | Jun 21, 2022

Home » Blog » What Do Hackers Do with Stolen Data

Threat Actors

Many individuals may ask, “What would someone want with my data?” or “Who would want my data?” It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations are reference to as threat actors. They want information as a means to some, and usually nefarious, end. 

Typically threat actors can be broken down into three broad categories. These consist of hacktivists, nation-states, and criminal elements. 

server room


Hacktivists can be seen through the lens of ideological motivation. Their reasons for attacking organizations come in support of a cause, and usually financial incentives don’t dictate their actions.

Hacktivists typically would use stolen data to advance a political or ideological cause. (These motivations sometimes overlap with that of APT’s, but hacktivists lack the resources/sophistication of nation-state actors). An example of a hacktivism would include many of the attacks attributed to the organization ‘Anonymous’ , like their recent declarations of support for Ukraine in its ongoing conflict with Russia.

Hacktavists may use the stolen data to blackmail officials to elicit their silence or their power; take control of propaganda media channels and alter the message, and/or disable supply chains prevent the delivery of expected weapons or supplies. Besides stealing data to release, two other common attacks in a hacktavists’ playbook are  the defacement of websites and Distributed Denial of Service (DDOS) attacks.  

Some interesting Hacktavist attacks:

  • Operation Tunisia by Anonymous (2008)
  • Sony data breach by Lulzsec (2012)
  • OpChile Operation (2019)
  • Streaming service Twitch had its source code released (2021)

Nation State / Advanced-Persistent THreats

Nation-state actors are those individuals or groups who act on behalf of a government. These entities are often referred to as Advanced-Persistent Threats (APT’s) and pose a particular risk to industries that deal with issues of national security, critical infrastructure, or other operations of strategic geopolitical import. These entities often seek confidential information or other critical intellectual property.

Like hacktivists, nation-states sometimes leverage stolen data to advance a particular political or ideological cause (with the end-goal of creating favorable strategic outcomes from the advancement of said causes).

Examples of this category would include:

  • the Chinese Military (APT41)
  • Russian intelligence (Fancy-Bear)
  • Solarwinds attack on the DOD 
Terrorist attack on building

SolarWinds exploit:

This is classic espionage. It’s done in a highly sophisticated way … But this is a stealthy operation.   -Thomas Rid, The Washington Post

     Criminal Elements

    Criminal elements are threat actors motivated typically by financial gain. An organization’s data can be stolen by insiders or those outside of the organization. While financial institutions are obvious targets, any organization could be a potential victim to these groups. 

    The rise of ransomware is a prime example of this. Criminal groups will often hold organizations’ data hostage and demand ransom payments in exchange for returning access to the stolen records. These ransomware schemes can also take the form of “double-extortion” where these groups threaten to release sensitive/damaging enterprise data to the public if the ransom is not paid (in addition to prevented said organization the ability to access the stolen data). Some organizations will reluctantly pay the attackers to prevent government fines if their released data violates HIPAA, FERPA, GLBA, or other regulations.

    Popular examples of ransomware groups and attacks of these include:

    • Conti, a ransomware group
    • FIN7, a criminal organization
    • Kaseya, a ransomware attack

    Related Blog Posts

    The Importance of Employee Security Training

    The Importance of Employee Security Training

    Impact of Employee Security Training The majority of enterprise cybersecurity incidents can be traced back to a mistake made by an employee. Whether this came in the form of a clicking on a phishing email or lackluster security policies implemented...

    25 High Profile Enterprise Information Security Breaches

    25 High Profile Enterprise Information Security Breaches

    No Industry seems to be safe from Ransomeware Thus many sectors have implemented required governance and awareness training throughout their organizations. As time moves forward, more industries will implement proactive strategies to minimize the...

    Creating an Incident Response Plan

    Creating an Incident Response Plan

    Creating an Incident Response Plan Disruptions to business operations occur frequently and vary greatly in terms of scope and scale. Organizations should establish formal policies and procedures in order to minimize the impact of...

    Why Physical Security Is Cybersecurity

    Why Physical Security Is Cybersecurity

    Physical Security Awareness Physical Security is an important aspect of protecting your organization’s networks, hardware, and data. However, physical security is often overlooked when cybersecurity policies are written, and often times sub-par...

    Want to learn more? Our Security Experts Are Here For You

    Critical Fault all white text


    Subscribe To Our Newsletter

    We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

    Need Immediate Assistance?

    Give us a call (405) 771-6399


    3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

    Copyright 2022 - Critical Fault, LLC.