What Do Hackers Do with Stolen Data

by | Jun 21, 2022

Home » Blog » What Do Hackers Do with Stolen Data

Threat Actors

Many individuals may ask, “What would someone want with my data?” or “Who would want my data?” It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations are reference to as threat actors. They want information as a means to some, and usually nefarious, end. 

Typically threat actors can be broken down into three broad categories. These consist of hacktivists, nation-states, and criminal elements. 

server room


Hacktivists can be seen through the lens of ideological motivation. Their reasons for attacking organizations come in support of a cause, and usually financial incentives don’t dictate their actions.

Hacktivists typically would use stolen data to advance a political or ideological cause. (These motivations sometimes overlap with that of APT’s, but hacktivists lack the resources/sophistication of nation-state actors). An example of a hacktivism would include many of the attacks attributed to the organization ‘Anonymous’ , like their recent declarations of support for Ukraine in its ongoing conflict with Russia.

Hacktavists may use the stolen data to blackmail officials to elicit their silence or their power; take control of propaganda media channels and alter the message, and/or disable supply chains prevent the delivery of expected weapons or supplies. Besides stealing data to release, two other common attacks in a hacktavists’ playbook are  the defacement of websites and Distributed Denial of Service (DDOS) attacks.  

Some interesting Hacktavist attacks:

  • Operation Tunisia by Anonymous (2008)
  • Sony data breach by Lulzsec (2012)
  • OpChile Operation (2019)
  • Streaming service Twitch had its source code released (2021)

Nation State / Advanced-Persistent THreats

Nation-state actors are those individuals or groups who act on behalf of a government. These entities are often referred to as Advanced-Persistent Threats (APT’s) and pose a particular risk to industries that deal with issues of national security, critical infrastructure, or other operations of strategic geopolitical import. These entities often seek confidential information or other critical intellectual property.

Like hacktivists, nation-states sometimes leverage stolen data to advance a particular political or ideological cause (with the end-goal of creating favorable strategic outcomes from the advancement of said causes).

Examples of this category would include:

  • the Chinese Military (APT41)
  • Russian intelligence (Fancy-Bear)
  • Solarwinds attack on the DOD 
Terrorist attack on building

SolarWinds exploit:

This is classic espionage. It’s done in a highly sophisticated way … But this is a stealthy operation.   -Thomas Rid, The Washington Post

     Criminal Elements

    Criminal elements are threat actors motivated typically by financial gain. An organization’s data can be stolen by insiders or those outside of the organization. While financial institutions are obvious targets, any organization could be a potential victim to these groups. 

    The rise of ransomware is a prime example of this. Criminal groups will often hold organizations’ data hostage and demand ransom payments in exchange for returning access to the stolen records. These ransomware schemes can also take the form of “double-extortion” where these groups threaten to release sensitive/damaging enterprise data to the public if the ransom is not paid (in addition to prevented said organization the ability to access the stolen data). Some organizations will reluctantly pay the attackers to prevent government fines if their released data violates HIPAA, FERPA, GLBA, or other regulations.

    Popular examples of ransomware groups and attacks of these include:

    • Conti, a ransomware group
    • FIN7, a criminal organization
    • Kaseya, a ransomware attack

    Related Blog Posts

    What Is a Risk Assessment and Why Is It Necessary?

    What Is a Risk Assessment and Why Is It Necessary?

    What Is A Risk Assessment? A Risk Assessment is a comprehensive and exhaustive examination of an organization’s current security controls and information systems. A senior risk assessor works to identify any existing threats or areas of concern, and...

    What Is Penetration Testing and Why Is It Necessary?

    What Is Penetration Testing and Why Is It Necessary?

    What Is Penetration Testing? Penetration Testing is when an organization hires professional hackers, also known as “ethical hackers”, to identify vulnerabilities in an organization’s security architecture. Penetration Testing takes an offensive...

    Information Security Tips

    Information Security Tips

    TOP SECURITY TIPS Creating an effective information security policy is critical to the survival of any organization. We’ve compiled a helpful list of all our best information security tips to help protect businesses against growing cyber threats. Be...

    The Rising Need for Digital Forensics

    The Rising Need for Digital Forensics

    What is Digital Forensics? According to US-CERT, Digital (Computer) Forensics can be defined “as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications,...

    Want to learn more? Our Security Experts Are Here For You

    Critical Fault all white text


    Subscribe To Our Newsletter

    We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

    Need Immediate Assistance?

    Give us a call (405) 771-6399


    3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

    Copyright 2022 - Critical Fault, LLC. | Privacy Policy