\u201cI take the data, create an edgelist, and turn it into the directed multigraph. Then I run various calculations using the SNA\/CNA methods. This helps to understand the hidden dynamics in the dataset. By doing so, I detected statistically significant communities that supported the hypothesis about bots\/cybercrime and about the real origin of these credentials. This analytical approach is based on graph theorem and helps to process data with more contextual information. From the outside, it looks like regular statistics, which it in fact is, but the inner dynamics are different. Even the database architecture has to be different than regular SQL DB.\u201d<\/i><\/strong><\/p><\/blockquote>\n Out of the analyzed data, some of the passwords were dated 2011, but there was also a portion of new passwords and mail combinations created at the end of 2019. Among usual usernames and passwords, there were also rather exotic usernames, passwords, or not so usual usernames or passwords used with a number of different email domain providers.<\/p>\n Top usernames exposed in the attack<\/i><\/p>\n The findings further revealed the top 20 email providers affected by the cyberattack, with gmail.com, hotmail.com, yahoo.com, and aol.com taking the lead.<\/p>\n Top 20 email providers exposed to the attack<\/i><\/p>\n Top first-level domains exposed to the attack<\/i><\/p>\n \u201cIn case of email reoccurrence in the dataset, there are several possible hypotheses. Either the email was used more times with different passwords, or it posed significant importance for the attackers so that they put all known existing credentials versions of the victim, or possibly the user was hacked multiple times and therefore more of his passwords have leaked. However, in case of high numbers like ~20+, chances are that the attackers simply put all available relevant password versions for the victim email into the list to be sure to succeed,\u201d the report further read.<\/strong><\/em><\/p><\/blockquote>\n Bot statistics<\/i><\/p>\n According to the researcher, if the password is used with a higher number of usernames and\/or if the username is used with a higher number of domains and has the password which is also reused frequently, it is considered suspicious.<\/p>\n Although the researcher said that no direct attribution is possible in regard to what group of people\/entities stand behind the attack, they said that the file had been found in “Russian” darknet waters.<\/p>\n \u201cBy the time of finding, governments, hospitals, power plants, and other crucial parts of infrastructure were targeted with a cyber attack, accompanied by strong propaganda on social networks. The circumstances, therefore, suggest a nation state-sponsored threat actor. This hypothesis can be stated with a high level of confidence,\u201d they added.<\/strong><\/em><\/p><\/blockquote>\n They, however, noted that it can be that somebody only wanted the attack to be attributed to Russia and China and therefore chose timing and targets suggesting the origin of the attacks.<\/p>\n Just recently, a hacking group linked with the Russian government has reportedly carried out a series of attacks<\/a> on energy, water, and power sectors of Germany. German authorities tend to believe that the efforts to compromise the country\u2019s critical infrastructure were taken by the Berserk Bear hacking group.<\/p>\n Follow us on\u00a0<\/b>Twitter<\/b><\/a>\u00a0and\u00a0<\/b>Facebook<\/b><\/a>\u00a0and join our\u00a0<\/b>Telegram channel<\/b><\/a>\u00a0to know what\u2019s up with crypto and why it\u2019s important.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":" This spring, an array of European countries faced a massive cyberattack campaign, with nearly 80 critical infrastructure institutions in Eastern and Central Europe affected. The attacks reportedly were in favor of Russia\u2019s and China\u2019s interests in Europe.<\/p>\n","protected":false},"author":6,"featured_media":9030,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[798],"tags":[133,1111,976,27],"class_list":["post-9024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-investigations","tag-china","tag-cybersecurity","tag-hacks","tag-russia"],"aioseo_notices":[],"amp_enabled":true,"views":"1393","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=9024"}],"version-history":[{"count":2,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9024\/revisions"}],"predecessor-version":[{"id":9032,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9024\/revisions\/9032"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9030"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}The Stolen Credentials Statistics<\/h2>\n
![\"Top](\"https:\/\/forklog.com\/en\/wp-content\/uploads\/2020\/06\/image1.jpg\")
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\nNo Direct Attribution Is Possible, But…<\/h2>\n