Leaked stories: hackers attacked liquor stores, telecoms and agencies on New Year's Eve
During the New Year holidays, online retailers faced the most powerful attacks by parser bots, Izvestia has found out. Attackers were interested in the catalogs and prices of sites selling various goods, and there were attempts to hack online cash registers: hackers sought to disable them, experts said. In particular, alcoholic beverage stores, telecom companies and large retailers were under attack. In addition, cybercriminals actively tried to steal Russians' personal information through database theft and fraud in Telegram.
How hackers steal information
On New Year's Eve, some major Russian marketplaces and online retailers faced powerful attacks by parser bots, cybersecurity companies told Izvestia. And in early January, several leaks of Russian users' data became known, added Ashot Oganesyan, founder of the DLBI darknet monitoring service.
"The hackers claimed to have compromised a 1 TB Rosreestr database, i.e. more than 2 billion rows," he said. "The snippet they published as proof of the hack contains such data as full names, e-mail addresses, phone numbers, addresses, passport details, dates of birth, SNILS, places of employment."
However, Rosreestr did not confirm that data from the Unified State Register of Real Estate Objects (USRN) had been leaked.
"Additional checks of the information are being conducted," the agency said in a statement in its Telegram channel.
Later, the same hackers posted data presumably belonging to the official representative office of Kia Russia and CIS, Ashot Oganesyan noted. In this case, the published fragment contains full names, e-mail addresses, phone numbers, dates of birth, hashed passwords and IP addresses. Izvestia sent an inquiry to the company.
Also at the end of last year, a fragment of a customer database, presumably from kant.ru, an online store for sports and recreation goods, was made publicly available; the editors have asked the company's representatives for comment.
Dina Fomicheva, head of the corporate clients department of the IT integrator Telecom Exchange, said that on January 1, one of the online cash register operators was among the targets of the DDoS attacks organized by hackers. After that, telecom companies became the main target.
"The main motivation of these attackers is to cause a public outcry and, apparently, to make it impossible to use communication services or the Internet, or to pay for purchases because of non-working cash registers," she emphasized.
How retail was attacked
Parsing (automated collection and structuring of information from websites) is most often used by competitors, experts say. That is, a large company scrapes catalog data, prices and other information, and then lowers its own prices on popular items.
"The frequency of requests from some players reached 750 thousand per minute, which is quite significant for a botnet that aims to obtain information, not to crash the service," said Anton Chemyakin, head of the analytical department of Servicepipe (which specializes in information security and protection of online resources from DDoS, bots and targeted attacks).
Hackers were interested in the catalogs and prices of e-commerce players, which are well protected from such attacks, so the attackers used the holiday, believing that the companies' vigilance would be reduced.
"For example, one of our customers was attacked by a well-known botnet," he said. "We blocked it back in mid-December, after which it continued unsuccessful attempts to parse prices until December 30, and was deactivated just before New Year's Eve. On December 31, at about 8 p.m., the botmasters launched a new version of the botnet. By 11 a.m., the first comprehensive update to the botnet defense solution of the coming year had been tested and rolled out."
In response, the botmasters rolled out the update several times during January 1, for a total of two days of confrontation.
"Politically motivated hackers also decided to take advantage of the New Year holidays and attacked one of the players providing online cash register services on January 1," said Anton Chemyakin. "However, in this case the attack was repelled."
On December 31, January 6 and 7, powerful bot attacks on online resources of alcoholic beverage stores were also recorded, Curator product manager Georgy Tarasov told Izvestia.
"The largest attack took place on December 31. During it, 12.5 million bot requests were blocked," he emphasized. "On the other days, there were no significant spikes: there was planned bot activity, with electronics stores and goods for home, repair and recreation at the top."
The most active days in terms of the number of attacks were January 1 and 3, said Kaspersky DDoS Protection expert Vyacheslav Kirillov. These days accounted for 43% of the monthly volume of DDoS attacks for January 2024.
"The most attacked area turned out to be e-commerce. In addition to parsing prices on websites, there were attacks on online cash register systems: cybercriminals tried to disable systems that are traditionally loaded during long weekends," he emphasized. "The most powerful attacks were repelled by the system on New Year's Eve."
The Wildberries press office told Izvestia that no abnormal activity was recorded during the holidays; all of the marketplace's services worked and continue to function stably.
How scammers will start to deceive in 2025
The activity of digital swindlers on the eve of the New Year and during the New Year holidays was quite high, Alexander Vurasko, development director of the Solar AURA external cyber threat monitoring center of Solar Group, told Izvestia. Basically, fraudsters used traditional schemes; only the informational background to them changed.
"Before the New Year, we recorded the appearance of fake sites offering to buy tours, book hotels or buy tickets for New Year's performances," he explained. "Phishing sites acting on behalf of marketplaces have not disappeared either: they appeared with enviable regularity throughout the New Year holidays."
According to the expert, hacking into Telegram accounts is another hot topic. Attackers used a variety of pretexts to gain access to the victim's account: premium gifts, contests and voting.
"An innovation was the use of malicious programs designed for remote administration of smartphones (RAT) in schemes around Telegram," said Alexander Vurasko. "Such programs are usually used to gain access to banking applications on smartphones and steal funds, but the pretext is usually formed around a call or message from the bank's technical support service."
At the beginning of 2025, however, new scenarios emerged in which Telegram mailings were actively used, including one with a pretext about a Premium account gift. During the New Year holidays, he added, phone scammers were also active.
"As a rule, they offered to invest in investment platforms, and also introduced themselves as employees of various government agencies and cellular operators in order to swindle money from unsuspecting users," he stressed.
According to Alexander Vurasko, at the beginning of 2025, there was an increase in the use of voice and visual deepfakes to psychologically influence the victim.
Why data leaks
Most of the leaks are the work of Ukrainian "hacktivists" hacking Russian resources, Ashot Oganesyan noted. The stolen data is almost always posted in the public domain and is accompanied by active PR on pro-Ukrainian resources.
"In some cases, their closed sale takes place before that," the expert explained. "At the same time, databases containing hashed passwords are of some interest to hackers, but it depends on which resource these passwords belong to. For example, the Kia Russia and CIS leak is unlikely to arouse any interest."
Despite the fact that Rosreestr denied the information about the leak, the news about possible access to the data has worried current and future owners of real estate, said Alexander Chernokulsky, director of Zhilfond. He recalled that fully closed Rosreestr data is a relatively new situation; until March 1, 2023, data on real estate and the owners of objects were open and available to all comers.
"Those for whom it was important to maintain privacy regarding ownership of real estate traditionally used, and continue to use, registration of ownership in the name of a legal entity or relatives, or instruments of indirect ownership, for example through a real estate ZPIF (closed unit investment fund. - Ed.)," he said. "During the not quite two years since the Rosreestr data became closed, the situation has not changed significantly; traditions have remained the same, and habits in this regard do not change so quickly."
Information on transactions conducted in the period from March 2023 to the end of December 2024 may be in open access, the expert said. According to Alexander Chernokulsky, a serious consequence of such a leak could be the data falling into the hands of fraudsters, who could use it as a calling database.
"Perhaps new schemes may appear, where data on recent real estate transactions will be used as tools of pressure," he added.
The expert reminded readers of the need to double-check information, to be distrustful of those who ask you to transfer money somewhere or take actions with your property, and to seek help from loved ones and law enforcement agencies in time.