Group-IB identifies leaked credentials of 40,000 users of government websites in 30 countries


Group-IB, an international company that specializes in preventing cyberattacks, has detected more than 40 000 compromised user credentials of online government services in 30 countries around the world.

Most of the victims were in Italy (52%), Saudi Arabia (22%) and Portugal (5%). Users’ data might have been sold on underground hacker forums or used in targeted attacks to steal money or exfiltrate sensitive information. CERT-GIB (Group-IB’s Computer Emergency Response Team) upon identification of this information promptly warned CERTs of the affected countries about the threat so that risks could be mitigated.

Group-IB Threat Intelligence has detected government websites’ user accounts compromised by cyber criminals in 30 countries. Official government portals including Poland (, Romania (,Switzerland (, the websites of Italian Ministry of Defense (, Israel Defense Forces(, the Government of Bulgaria (, the Ministry of Finance of Georgia (,Norwegian Directorate of Immigration (, the Ministries of Foreign Affairs of Romania and Italyand many other government agencies were affected by the data compromise.

Read more…