Hacker Publicly Posts Data Stolen From Government-Linked Cyberespionage Group
Last week, Motherboard reported that a vigilante hacker had stolen data from a hacking group that researchers say is a government-linked cyberespionage unit. The data included GPS locations, text messages, and phone calls that the group had taken from their own victims. Now, that hacker has seemingly published the stolen data online for anyone to download.
The act itself highlights not only the fact that government hackers can sometimes face retribution, but also the ethical issues that come along with releasing such data to the public. The stolen files were seemingly from a server controlled by the so-called ZooPark group, a hacking outfit that cybersecurity researchers from Kaspersky revealed earlier this month in a report. At the time of the breach, Motherboard cross-referenced the stolen material with details in that Kaspersky report to corroborate the ZooPark link.
ZooPark used Android malware to target its victims, sometimes tricking people into installing fake applications, such as one for the independence referendum in Kurdistan, or pushing the malware through malicious websites, according to Kaspersky’s research. Now that the data is public, anyone—security researchers, nation states, or perhaps even targets themselves—can look through what ZooPark seemingly obtained through its hacking campaigns. This sort of information rarely becomes public; typically it will be kept within a circle of intelligence agencies, the hackers they may work with, or rival agencies from other nations who want to piggyback on the gathered intelligence.