Armenian Government Data Allegedly Breached, Offered for Sale on Underground Forum
Hackers operating under the alias dk0m are advertising a trove of Armenian government-related data for $2,500 on an underground cybercrime forum, prompting an official investigation in Yerevan. The dataset, claimed to contain approximately 8 million records, reportedly includes official notifications from police, judicial bodies, and other administrative communications sourced from a government notification system.
The Public Relations and Information Center of Armenia (PRIC) acknowledged the incident on Saturday, denying a breach of the country’s government email infrastructure but confirming that data may have been extracted from the electronic civil litigation platform. An internal probe is underway to determine the source and method of access.
Cybersecurity researchers at CyberHUB-AM, a non-governmental digital security group, identified dk0m as a known broker on cybercrime forums, with a history of selling government data since at least 2024. The actor typically uses infostealer malware tools designed to harvest credentials and session cookies to gain access to sensitive portals before monetizing the stolen data. Previous targets have included ministries in Argentina, Ukraine, and Brazil.
Screenshots from August 2024 suggest dk0m may have possessed Armenian government data earlier, raising concerns that the current sale is an attempt to profit from previously obtained material. If authentic, the dataset could pose significant risks, including social engineering attacks leveraging real case numbers, fines, or enforcement actions to deceive citizens into fraudulent schemes.
Source: https://therecord.media/armenia-probes-alleged-sale-government-records
The Government of the Republic of Armenia cybersecurity rating report: https://www.rankiteo.com/company/e-government-armenia
"id": "E-G1768251965",
"linkid": "e-government-armenia",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Armenian citizens',
'industry': 'Public Sector',
'location': 'Yerevan, Armenia',
'name': 'Armenian Government',
'type': 'Government'}],
'attack_vector': 'Infostealer Malware',
'customer_advisories': 'Warning about potential social engineering attacks '
'targeting citizens',
'data_breach': {'data_exfiltration': 'Yes (advertised for sale on underground '
'forum)',
'number_of_records_exposed': '8 million',
'personally_identifiable_information': 'Potential (case '
'numbers, fines, '
'enforcement actions)',
'sensitivity_of_data': 'High (government, judicial, and law '
'enforcement data)',
'type_of_data_compromised': 'Official communications, legal '
'and administrative notices, '
'judicial and police data'},
'description': 'Hackers are offering for sale a large trove of Armenian '
'government-related data, including official communications '
'from police and judicial bodies. The dataset, advertised for '
'$2,500, contains about 8 million records linked to official '
'notifications. Armenian officials have launched an '
'investigation into the potential breach.',
'impact': {'brand_reputation_impact': 'Potential damage to government '
'credibility and public trust',
'data_compromised': '8 million records',
'identity_theft_risk': 'Heightened risk of social engineering '
'attacks targeting citizens',
'operational_impact': 'Potential disruption to official '
'communications and legal/administrative '
'notices',
'systems_affected': 'Electronic civil litigation platform, '
'government notification system'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (previous sales '
'linked to Argentina, '
'Ukraine, Brazil)',
'entry_point': 'Infostealer malware (harvesting '
'saved credentials and session '
'cookies)',
'high_value_targets': 'Government portals, '
'electronic civil litigation '
'platform'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransom_demanded': '$2,500'},
'references': [{'source': 'Public Relations and Information Center of Armenia '
'(PRIC)'},
{'source': 'CyberHUB-AM'}],
'response': {'communication_strategy': 'Public statement denying breach of '
'government email infrastructure',
'incident_response_plan_activated': 'Internal probe underway'},
'threat_actor': 'dk0m',
'title': 'Alleged Sale of Armenian Government Data on Underground Forum',
'type': 'Data Breach'}