What Do Hackers Do with Stolen Data
Threat Actors
Many individuals may ask, “What would someone want with my data?” or “Who would want my data?” It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations are reference to as threat actors. They want information as a means to some, and usually nefarious, end.
Typically threat actors can be broken down into three broad categories. These consist of hacktivists, nation-states, and criminal elements.
Hacktavists
Hacktivists can be seen through the lens of ideological motivation. Their reasons for attacking organizations come in support of a cause, and usually financial incentives don’t dictate their actions.
Hacktivists typically would use stolen data to advance a political or ideological cause. (These motivations sometimes overlap with that of APT’s, but hacktivists lack the resources/sophistication of nation-state actors). An example of a hacktivism would include many of the attacks attributed to the organization ‘Anonymous’ , like their recent declarations of support for Ukraine in its ongoing conflict with Russia.
Hacktavists may use the stolen data to blackmail officials to elicit their silence or their power; take control of propaganda media channels and alter the message, and/or disable supply chains prevent the delivery of expected weapons or supplies. Besides stealing data to release, two other common attacks in a hacktavists’ playbook are the defacement of websites and Distributed Denial of Service (DDOS) attacks.
Some interesting Hacktavist attacks:
- Operation Tunisia by Anonymous (2008)
- Sony data breach by Lulzsec (2012)
- OpChile Operation (2019)
- Streaming service Twitch had its source code released (2021)
Nation State / Advanced-Persistent THreats
Nation-state actors are those individuals or groups who act on behalf of a government. These entities are often referred to as Advanced-Persistent Threats (APT’s) and pose a particular risk to industries that deal with issues of national security, critical infrastructure, or other operations of strategic geopolitical import. These entities often seek confidential information or other critical intellectual property.
Like hacktivists, nation-states sometimes leverage stolen data to advance a particular political or ideological cause (with the end-goal of creating favorable strategic outcomes from the advancement of said causes).
Examples of this category would include:
- the Chinese Military (APT41)
- Russian intelligence (Fancy-Bear)
- Solarwinds attack on the DOD
SolarWinds exploit:
This is classic espionage. It’s done in a highly sophisticated way … But this is a stealthy operation. -Thomas Rid, The Washington Post
Criminal Elements
Criminal elements are threat actors motivated typically by financial gain. An organization’s data can be stolen by insiders or those outside of the organization. While financial institutions are obvious targets, any organization could be a potential victim to these groups.
The rise of ransomware is a prime example of this. Criminal groups will often hold organizations’ data hostage and demand ransom payments in exchange for returning access to the stolen records. These ransomware schemes can also take the form of “double-extortion” where these groups threaten to release sensitive/damaging enterprise data to the public if the ransom is not paid (in addition to prevented said organization the ability to access the stolen data). Some organizations will reluctantly pay the attackers to prevent government fines if their released data violates HIPAA, FERPA, GLBA, or other regulations.
Popular examples of ransomware groups and attacks of these include:
- Conti, a ransomware group
- FIN7, a criminal organization
- Kaseya, a ransomware attack
References
- https://www.france24.com/en/europe/20220323-ukraine-conflict-presents-a-minefield-for-anonymous-and-hacktivists
- https://www.trendmicro.com/vinfo/es/security/news/cyber-attacks/hacktivism-101-a-brief-history-of-notable-incidents
- https://www.infosecurity-magazine.com/opinions/twitch-hack-potential-security/
- https://securityboulevard.com/2020/06/analysis-of-the-top10-hacktivist-operations/
- https://www.cisecurity.org/solarwinds
- “Russian hack was ‘classic espionage’ with stealthy, targeted tactics”. The Washington Post. December 14, 2020. Archived from the original on December 14, 2020. Retrieved June 21.2022.
- https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/
Related Blog Posts
What Is Penetration Testing and Why Is It Necessary?
What Is Penetration Testing? Penetration Testing is when an organization hires professional hackers, also known as “ethical hackers”, to identify vulnerabilities in an organization’s security architecture. Penetration Testing takes an offensive...
Information Security Tips
TOP SECURITY TIPS Creating an effective information security policy is critical to the survival of any organization. We’ve compiled a helpful list of all our best information security tips to help protect businesses against growing cyber threats. Be...
The Rising Need for Digital Forensics
What is Digital Forensics? According to US-CERT, Digital (Computer) Forensics can be defined “as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications,...
Cyber Security: White House Adopts Zero Trust
Federal Government Embraces Zero Trust On January 26th, 2020 the White House adopted a Federal zero trust architecture strategy requiring all federal agencies to adopt zero trust cyber security practices by the end of Fiscal Year 2024.1 With the...
Want to learn more? Our Security Experts Are Here For You
Newsletter
Subscribe To Our Newsletter
We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.
Need Immediate Assistance?
Give us a call (405) 771-6399
Headquarters
3841 E Danforth Rd, Ste 106, Edmond, OK 73034
110 E. Houston St, 7th Floor, San Antonio, TX 78205
Copyright 2024 - Critical Fault, LLC. | Privacy Policy