Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong to law enforcement officers and their internal systems.
The emerging trend consists of threat actors sending fake subpoenas and EDR’s (Emergency Data Requests) to their victims from the hacked law enforcement email accounts. Using such capabilities, the threat actors are targeting major technology companies such as Apple, Facebook (Meta), Snapchat, and Discord are to name a few, to collect sensitive information about targets of interest. The replies received by the bad actors contain sensitive details which could/are being used for leverage extortion, or cyberespionage. Such incidents have become especially notable in cybercriminal group activities such as LAPSUS$ and Recursion Group.
Resecurity has been observing multiple Dark Web marketplaces where cybercriminals are monetizing their efforts by selling credentials belonging to police officers of various foreign countries (e-mails, VPNs, SSO, etc.). One example of an email account previously used to send fake EDR requests on behalf of the Bangladesh Police was recently covered in a Bloomberg article illustrating the risk of such tactics.
Based on experts’ opinion, one of the biggest concerns is the visible insecurity of the law enforcement IT infrastructure, such infrastructure creates significant risk to our society, not just in cyberspace but in real life too. Organized crime, terrorists and extremist groups may leverage such access for malicious purposes.
The trend is continuing to grow in popularity as more law enforcement organizations have been impacted by cyberattacks this month. Just recently, the Conti ransomware group claimed to attack the Intelligence Agency in Peru and leaked their data which created a significant precedent in the security community. DDOS Secrets – another notable group of threat actors, has released 285,635 leaked emails from Nauru Police.
The most typical scenarios involving attacks on law enforcement systems include:
- Protest activity (15%)
- Unauthorized access (25%)
- Cyberespionage (40%)
- Law enforcement systems and applications abuse (8%)
- Data theft (12%)
Based on the published research, such malicious activity is especially visible in countries of Latin America, South-East Asia, and offshore jurisdictions. Last year, Resecurity registered a targeted security incident related to one of the law enforcement organizations in the Middle East and its counterpart in the face of one of the international police organizations.
“Sophisticated bad actors and APT groups are actively targeting law enforcement agencies worldwide. Traditional cybercriminals are also an important component in this process, as state-supported actors may be actively collaborating with them for further planned cyberattacks and targeted network intrusions. Investigation of such incidents is a complicated process due to the significant sensitivity involved,” said Christian Lees, CTO of Resecurity.
Resecurity is committed to protecting consumers and enterprises all over the globe, and is actively involved in public-private partnerships to share actionable cyber threat intelligence (CTI) with financial institutions, technology companies and law enforcement to ultimately minimize the risk of credentials being compromised and data breaches being executed.