What Do Hackers Do with Stolen Data

by | Jun 21, 2022

Home » Blog » What Do Hackers Do with Stolen Data

Threat Actors

Many individuals may ask, “What would someone want with my data?” or “Who would want my data?” It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations are reference to as threat actors. They want information as a means to some, and usually nefarious, end. 

Typically threat actors can be broken down into three broad categories. These consist of hacktivists, nation-states, and criminal elements. 

server room

Hacktavists

Hacktivists can be seen through the lens of ideological motivation. Their reasons for attacking organizations come in support of a cause, and usually financial incentives don’t dictate their actions.

Hacktivists typically would use stolen data to advance a political or ideological cause. (These motivations sometimes overlap with that of APT’s, but hacktivists lack the resources/sophistication of nation-state actors). An example of a hacktivism would include many of the attacks attributed to the organization ‘Anonymous’ , like their recent declarations of support for Ukraine in its ongoing conflict with Russia.

Hacktavists may use the stolen data to blackmail officials to elicit their silence or their power; take control of propaganda media channels and alter the message, and/or disable supply chains prevent the delivery of expected weapons or supplies. Besides stealing data to release, two other common attacks in a hacktavists’ playbook are  the defacement of websites and Distributed Denial of Service (DDOS) attacks.  

Some interesting Hacktavist attacks:

  • Operation Tunisia by Anonymous (2008)
  • Sony data breach by Lulzsec (2012)
  • OpChile Operation (2019)
  • Streaming service Twitch had its source code released (2021)

Nation State / Advanced-Persistent THreats

Nation-state actors are those individuals or groups who act on behalf of a government. These entities are often referred to as Advanced-Persistent Threats (APT’s) and pose a particular risk to industries that deal with issues of national security, critical infrastructure, or other operations of strategic geopolitical import. These entities often seek confidential information or other critical intellectual property.

Like hacktivists, nation-states sometimes leverage stolen data to advance a particular political or ideological cause (with the end-goal of creating favorable strategic outcomes from the advancement of said causes).

Examples of this category would include:

  • the Chinese Military (APT41)
  • Russian intelligence (Fancy-Bear)
  • Solarwinds attack on the DOD 
Terrorist attack on building

SolarWinds exploit:

This is classic espionage. It’s done in a highly sophisticated way … But this is a stealthy operation.   -Thomas Rid, The Washington Post

     Criminal Elements

    Criminal elements are threat actors motivated typically by financial gain. An organization’s data can be stolen by insiders or those outside of the organization. While financial institutions are obvious targets, any organization could be a potential victim to these groups. 

    The rise of ransomware is a prime example of this. Criminal groups will often hold organizations’ data hostage and demand ransom payments in exchange for returning access to the stolen records. These ransomware schemes can also take the form of “double-extortion” where these groups threaten to release sensitive/damaging enterprise data to the public if the ransom is not paid (in addition to prevented said organization the ability to access the stolen data). Some organizations will reluctantly pay the attackers to prevent government fines if their released data violates HIPAA, FERPA, GLBA, or other regulations.

    Popular examples of ransomware groups and attacks of these include:

    • Conti, a ransomware group
    • FIN7, a criminal organization
    • Kaseya, a ransomware attack

    Related Blog Posts

    Are Your Credentials on the Web?

    Are Your Credentials on the Web?

    Let's Find Out! Step 1: Go to haveibeenpwned.com Step 2: Place Your Email (Never your password) Step 3: Click the “pwned?” button. Step 4: Write down all the sites  Step 5: Go to every site and change your passwords  This step should be based on prioritization of how...

    MOVEit: What You Need to Know about CVE-2023-25708

    MOVEit: What You Need to Know about CVE-2023-25708

    MOVEit: What You Need to Know about CVE-2023-25708 The MOVEit Vulnerability, or CVE-2023-25708, is an SQL Injection vulnerability that targets the database of the MOVEit Transfer software. This is a new critical risk vulnerability and the impacts are...

    Madison Horn Joins the Critical Fault Team as CEO

    Madison Horn Joins the Critical Fault Team as CEO

    Madison Horn Joins the Critical Fault Team as CEO In Madison’s new role as CEO of Critical Fault, she will lead the vision and strategy for the organization while fostering a culture of growth and collaboration. Madison is dedicated to strengthening...

    The Importance of Employee Security Training

    The Importance of Employee Security Training

    Impact of Employee Security Training The majority of enterprise cybersecurity incidents can be traced back to a mistake made by an employee. Whether this came in the form of a clicking on a phishing email or lackluster security policies implemented...

    Want to learn more? Our Security Experts Are Here For You

    Critical Fault all white text

    Newsletter

    Subscribe To Our Newsletter

    We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

    Need Immediate Assistance?

    Give us a call (405) 771-6399

    Headquarters

    3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

    110 E. Houston St, 7th Floor, San Antonio, TX 78205

    Copyright 2024 - Critical Fault, LLC. | Privacy Policy