It would appear that hackers managed to compromise an official Russian Foreign Ministry Twitter account on July 2, and advertised a stolen database for 66 BTC.
The Russian Foreign Ministry DSCC account is attached to the ‘Department of Crisis Center’, which offers guidance for Russian citizens in foreign countries. On July 2, that account was compromised: hackers hijacked it and posted an advert, supposedly for a stolen payments database. According to veteran cybersecurity expert Graham Cluley, who broke the news, the database purported to contain tourist payment details from the Russian Federation Public Services Portal during June 2020.
The asking price for this stolen database, should it even actually exist, was 66 BTC, which converts to around $600,000 (£481,000) as I write. There is no proof that this database is held by the cybercriminals that hacked the Twitter account other than the now-deleted posting. The Russian Foreign Ministry regained control of the account later the same day, posting this tweet, which has been auto-translated by Twitter as:
“Dear readers and subscribers, we inform you about the elimination of the consequences of hacking our account by hackers who published on the morning of July 2 this year on the tape of DSCC “fakes” that have nothing to do with the Russian Foreign Ministry. The account is running normally.”
I have reached out to both the Russian Government press department and Twitter for further information, but currently, there is no confirmation of how the account ended up being compromised.
However, if other high-profile account takeovers are anything to go by, then the usual suspect will be a credential stuffing attack, which often comes about as a result of password reuse or sharing. It could also be the result of a successful phishing attack or even a disgruntled insider, although, given the nature of the account, that would seem to be a highly risky move.
As this story is still breaking and little other information is known, I will leave it at that for now and update this article should any other details emerge.
Meanwhile, I can only concur with Graham Cluley that maybe implementing two-factor authentication on Twitter might have been a good idea. In case anyone from the Russian Foreign Ministry is reading, here’s all the help you need on adding that extra layer of security to your Twitter accounts.