While many associate financial hacks with stolen funds, recent incidents reveal a more complex landscape. Cybercriminals are increasingly targeting confidential employee information, which can lead to tailored phishing attacks, extortion, reputational harm, and internal disruptions within financial institutions. This blog continues our previous exploration of cybersecurity challenges in the banking and financial sector, focusing on recent breaches highlighting evolving threats to employees and customers.

The exposure of employee data—such as organizational roles, personal contact details, and work-related credentials—has become a lucrative asset for threat actors. This information enables attackers to craft convincing phishing campaigns, impersonate executives, and infiltrate critical systems. Beyond immediate financial risks, these breaches subject employees to extortion attempts, psychological distress, and potential damage to their professional reputations. Such scenarios not only harm individuals but also undermine trust in the organization as a whole.

For customers, the risks extend far beyond compromised accounts. Even when financial details remain secure, leaked personal information such as addresses, phone numbers, or account identifiers can enable identity theft and scams. Attackers often exploit this data to impersonate individuals, apply for loans, or facilitate broader fraud.

As these breaches grow in scale and sophistication, financial institutions face mounting pressure to safeguard not just customer accounts but the broader ecosystem of sensitive data. This analysis delves into recent breaches to shed light on these pressing issues and the proactive measures required to mitigate their impact.

Recent Financial Hacks & Breaches Analyzed by Constella Intelligence

1. VTB Bank – Customer Database Breach

A post on an underground forum claims to offer data allegedly linked to VTB Bank in Russia, including over 1.9 million unique email addresses. The exposed data includes personal identifiers critical for launching identity theft or phishing attacks. Given the breadth of data compromised, customers and employees alike are at risk of targeted fraud and scams.

Exposed Fields:

• Names
• Emails
• Phone numbers
• Physical addresses
• Dates of birth

2. Izipay – Customer Data Breach

Izipay, a major payment processor in Peru, appears to have been impacted by a breach exposing 1.8 million unique email addresses. The compromised information encompasses extensive details about merchants, making this breach highly impactful. The data exposed is ripe for targeted attacks, including fraud schemes, impersonation, and extortion.

Exposed Fields:

• Customer codes
• Account information
• Company names
• Operational details
• Email addresses
• Phone numbers
• Regional identifiers
• Transaction data
• Administrative records

3. Interbank – Customer Database Breach

A user on a dark web platform has shared a post alleging that Peru’s Interbank was affected by a breach exposing over 1.7 million unique email addresses. The compromised information includes sensitive personal and account-related data, which attackers could exploit to defraud customers or execute targeted phishing campaigns.

Exposed Fields:

• Full names
• Account IDs / National IDs
• Birth dates
• Addresses
• Phone numbers
• Email addresses
• IP addresses
• Credit card information

4. Bank of America – Employee Directory Breach

In the United States, Bank of America reportedly experienced a breach tied to the MOVEit vulnerability, compromising more than 280k unique emails. The breach exposed extensive employee directory information, making it a prime target for attackers seeking to craft social engineering schemes. The detailed organizational data presents significant risks, including impersonation of high-ranking officials and exploitation of internal processes for financial gain.

Exposed Fields:

• Employee codes
• Login IDs
• Full names
• Email addresses
• Phone numbers
• Job titles
• Detailed organizational information

5. PrivatBank – Customer Data Leak

Data sets allegedly tied to Ukraine’s PrivatBank, including over 400 unique emails and 237 million records, are being offered for sale online. While the number of email addresses found was low, the leak’s volume and the type of data—personal identifiers like passports and full names—pose a severe risk. Cybercriminals can use this information for identity theft, document forgery, or large-scale fraudulent activities.

Exposed Fields:

• Login IDs & Emails
• Full names
• Phone numbers
• Passport information

Conclusion

These breaches illustrate the growing sophistication of cyber threats targeting financial institutions. While direct financial theft remains a concern, the exposure of employee and customer data introduces new risks, including identity theft, extortion, and reputational damage. Addressing these challenges requires proactive and comprehensive cybersecurity measures.

As the 2024 U.S. presidential election takes place, cybersecurity analysts are on high alert, warning of voter database leaks. They are warning of an increasingly complex landscape that could jeopardize voter data security and election integrity due to voter database leaks. The face-off between Kamala Harris and Donald Trump has intensified the focus on ensuring that electoral systems remain secure and resilient against potential cyberattacks.

It is crucial to protect against breaches, leaks, and disinformation campaigns that could influence public trust and democratic outcomes. Drawing insights from Constella Intelligence, this analysis examines the specific risks and incidents shaping the current election season.

U.S. Voter Data Leaks: A Persistent Threat

The United States has become a major target for voter data leaks, experiencing significant breaches that expose a wide range of personal information. Moreover, voter data from these breaches is being actively traded on deep and dark web forums, posing an ongoing risk to voter privacy and security.

Constella Intelligence’s findings show that U.S. voter data leaks account for approximately 78% of all voter data circulating on the dark web, underscoring the nation’s unique vulnerabilities stemming from its decentralized electoral system and vast voter data infrastructure. In the U.S. alone, 23 states have suffered data breaches, impacting regions nationwide and exposing significant weaknesses in the protection of sensitive voter information.

Key examples include Florida, Texas, Michigan, and Wisconsin. Given that there are 50 states in the United States, this means that approximately 46% of states have been affected by voter data breaches, reflecting the widespread and systemic nature of these vulnerabilities.

Notable incidents since 2020 illustrate the scope of these breaches:

• Oklahoma: As shown in the previous image, a dark web forum post offered the 2024 Oklahoma voter list, including absentee voters, with instructions for accessing sensitive information for political purposes.
• Florida: Multiple significant leaks have affected Florida, including incidents in April 2020 and March 2022. These repeated exposures highlight the challenges in securing voter information in large states with complex voter registration systems and higher volumes of data, which increase their vulnerability to breaches.
• Wisconsin: A 2020 data leak compromised millions of voters, including such personal information as emails, names, phone numbers, and full addresses, showing how even isolated breaches can undermine public trust and voter security.
• Other States: States like Oklahoma, North Carolina, Pennsylvania, Michigan, Delaware, Texas, and Alaska have also reported leaks, some of which date back as far as 2013. These incidents highlight the systemic difficulties in securing voter data across state lines.

Of the 23 affected states, voter data breaches have impacted both Democratic and Republican strongholds, as well as crucial swing states, highlighting the widespread nature of the threat regardless of political affiliation or regional importance.

• Approximately 45% of Democratic-leaning states and 50% of Republican-leaning states have experienced data breaches.
• Key swing states (5%) such as Florida, Georgia, or Pennsylvania have also been impacted. Swing states are particularly important because they often decide the overall outcome of elections, making any breach in these regions potentially more impactful.

This broad geographic spread means that voters from both parties, along with undecided voters, could be affected, potentially impacting voter turnout and election trust.

Emerging Cyber Threats and Manipulation Risks in the 2024 Election

In addition to voter data leaks, other cybersecurity threats could impact the 2024 U.S. election, such as disinformation campaigns, targeted voter suppression, and foreign interference. Constella Intelligence has identified several notable cases:

• Campaign-Related Data Breaches (2024): A potential breach linked to Donald Trump’s campaign emails, allegedly involving foreign entities, exposed sensitive data. This underscores the risks posed by foreign influence operations.
• National Public Data Leak (2024): A 2024 incident exposed million records, including sensitive information of million U.S. voters, highlighting ongoing vulnerabilities in protecting voter data.

• RNC Leak (2017): This breach affected millions of voters, exposing personal details like birth dates and political affiliations. The data was used in predictive models, suggesting a risk of similar information being exploited to manipulate voter perceptions in the 2024 race.

These breaches illustrate the persistent risks of data misuse, identity theft, and election manipulation, each capable of eroding public trust in the democratic process.

Global Perspective: Voter Data Leaks Beyond the United States

Although U.S. voter data leaks are the most prevalent, other nations have also experienced significant breaches, especially during election cycles. Notable examples include:

• Mexico: High-profile breaches occurred in 2017 and 2021, including targeted attacks on political organizations like the Partido Acción Nacional (PAN).
• Israel: The 2020 elections saw a significant voter data breach, illustrating vulnerabilities even in nations with advanced cybersecurity frameworks.
• The Philippines and India: The Philippines experienced a leak in 2016, and India faced a breach in 2024, demonstrating that populous democracies remain attractive targets for cybercriminals.
• Other Nations: Countries like Iraq, Honduras, and Ukraine have also reported voter data breaches, underscoring the global nature of these threats.

Impact and Risks: Manipulating Election Outcomes Through Exposed Voter Databases

Beyond data leaks, the risks extend to manipulation tactics that leverage this exposed information. When voter databases are exposed, the personal and political information they contain can be weaponized to manipulate election outcomes in various ways:

1. Targeted Disinformation: Threat actors can use leaked data to send misleading messages, such as false voting locations or procedures, potentially causing voters to miss their opportunity to vote.
2. Voter Suppression Tactics: Leaked data allows cyber actors to discourage specific voters from participating by sending intimidating or misleading messages.
3. Identity Manipulation for Fraudulent Voting: Using personal details from leaked databases, malicious actors could impersonate registered voters to submit fraudulent ballots or alter voter rolls, causing confusion at polling stations.
4. Amplifying Polarization: By leveraging insights into voter preferences, cyber actors can create messages that heighten political divisions, influencing voters through emotional manipulation rather than factual discourse.

These tactics threaten not only individual privacy but also the integrity of the election process. When personal information is exposed, it can be used to manipulate voters, distort their perceptions, and ultimately undermine the fairness of the election. This direct impact on voter behavior erodes confidence in democratic institutions and the legitimacy of the results.

Threat Narratives: Misinformation and Disinformation Linked to Voter Data Leaks

Disinformation narratives pose significant threats because they can manipulate public perceptions and erode trust in democratic institutions. Constella Intelligence has identified several such narratives that could shape public opinion on the Dark Web:

• Electoral Fraud: We have uncovered several threads discussing how leaked voter data could be used to manipulate voter intentions. Some threat actors allege the presence of ‘fake election officials’ in Pennsylvania, the removal of mailboxes in Luzerne County, and reports of ‘a box full of ballots’ discovered in Dade County, Florida. Additionally, claims about the purging of ineligible voters in Oklahoma, including deceased individuals, coupled with a previous voter list leak in the state, raise concerns about potential manipulation of the electoral system. These posts reflect the growing polarization among citizens and contribute to speculation around voter manipulation. However, we have not conducted further investigation into these claims.

• Political Corruption: False narratives also target political figures, especially Kamala Harris and the Obamas. Harris is accused of plagiarism in her criminal justice book and collaborating with foreign countries to spy on Trump.

• Russian Disinformation Campaign: The U.S. intelligence community has reported that Russian actors could be actively spreading false information to undermine public confidence in the integrity of U.S. elections, especially in key swing states. This includes creating fake videos and articles suggesting election fraud, ballot stuffing, and cyber attacks in places like Arizona, targeting specific candidates such as Kamala Harris.

• Deep State: The idea of a ‘deep state’ aiming to control the country and silence opposition is frequently repeated. Steve Bannon, for example, is portrayed as a ‘political prisoner.’ Claims also suggest that this ‘deep state’ controls the media and censors information that could expose its actions.

• QAnon Conspiracy Theories: Some narratives align with QAnon conspiracy theories, such as mentions of ‘Agenda 47’ and references to Q. These theories, which speak of a satanic cabal controlling the world, are popular among some right-wing groups in the U.S. and often intersect with narratives about electoral fraud and political corruption.

These narratives significantly threaten democratic stability by promoting misinformation, eroding public trust, and influencing voter behavior. Data from voter databases could further be used to create targeted misinformation campaigns, aimed at voters who are already inclined to believe these narratives, thus deepening their impact on democratic processes.

Recommendations for Securing Voter Data and Upholding Electoral Integrity

In response to the rise in voter database breaches, Constella Intelligence recommends proactive measures for citizens to safeguard their data:

1. Understand Your Digital Footprint: Stay informed about the personal information that is publicly accessible, including voter data and details from breaches like the NPD leak. By being aware of what information is exposed, you can take steps to protect yourself from threat actors who may attempt to exploit this data, especially during sensitive periods like Election Day.

• Enable Two-Factor Authentication (2FA): Strengthen account security by using 2FA, which makes unauthorized access more difficult.

• Be Mindful of Social Media Posts: Exercise caution with what you share or read on social media, as AI tools now make it easier than ever to create convincing fake content. Threat actors can exploit personal information or posts to manipulate narratives, spread disinformation, or target individuals during critical times like Election Day.

• Be Cautious of Phishing Attempts: On Election Day, be especially wary of unsolicited messages claiming to provide election updates or voter information. Avoid clicking on links or downloading attachments, as scammers frequently use these tactics to steal personal data or spread disinformation during critical events like elections.

Stay vigilant against potential threats, from voter data breaches to disinformation, and take steps to protect your personal information. As you head to the polls, remember the importance of safeguarding our democratic process. Enjoy your Election Day, and best wishes to you all, America!

The geopolitical conflict between Israel and its adversaries has shifted into the digital sphere, where sophisticated cyberattacks have become a primary tool for targeting critical sectors. In recent months, cyberattacks have exposed Israeli defense data, diplomatic communications, and sensitive civilian information. Among the prominent players in this cyberwarfare is the Handala Group, a hacktivist entity leveraging advanced persistent threat (APT) tactics to disrupt Israeli operations. Other actors, such as EagleStrike and the Hunter Killer hacker group, further complicate Israel’s cybersecurity landscape.

This blog analyzes recent Israeli breaches, the types of data compromised, and the strategic implications of these attacks, offering insights into the evolving digital conflict.

Handala’s Cyber Campaign: Recent Breaches Targeting Israel

In the past few months, Handala has launched a series of attacks across various sectors in Israel, targeting critical infrastructure, government entities, and individual high-profile figures.

1. Doscast Hacked (October 10, 2024)

Handala targeted Doscast, a major audio platform for the ultra-Orthodox Jewish community. This attack disrupted the platform, which hosts a variety of commentators and conversationalists, exposing its vulnerabilities and impacting its wide user base. The symbolic nature of this hack underscores Handala’s ideological objectives, as Doscast is a prominent site within the religious community.

2. Ambassador of Israel in Germany Emails (October 8, 2024)

Handala compromised 50,000 emails from Ron Prosor, the Israeli Ambassador to Germany and former senior Mossad officer. The leaked emails expose sensitive diplomatic communications, potentially affecting Israel’s foreign relations. This breach also highlights Handala’s aggressive tactics, as they included personal threats against Prosor, claiming constant surveillance over his activities.

3. Max Shop Hacked (October 8, 2024)

The breach of Max Shop, a cloud-based terminal system used in over 9,000 stores, resulted in the theft of 1.5TB of data. The attack defaced store kiosks and sent threatening messages to 250,000 Israeli citizens. This attack directly impacted retail operations and exposed personal information, further heightening concerns over civilian data security.

4. Israeli Industrial Batteries (IIB) Leak (October 6, 2024)

Handala released 300GB of data from IIB (Israeli Industrial Batteries), a company involved in providing energy storage infrastructure to Israel’s military and defense sectors. The breach of IIB threatens the resilience of Israel’s defense logistics, particularly its energy-dependent military operations.

5. Shin Bet Hacked (October 3, 2024)

Handala successfully breached the Shin Bet’s security system, compromising their exclusive mobile security application used by officers. This attack poses a significant risk to Israel’s internal security, potentially exposing confidential communications, field agents, and counterterrorism operations.

6. Israeli Prime Minister Emails (October 2, 2024)

The group leaked 110,000 secret emails belonging to former Prime Minister Ehud Barak. Handala claims to have been surveilling Israel’s leadership for decades. This breach exposes sensitive government discussions, further undermining Israel’s internal political operations and national defense strategies.

7. Soreq Nuclear Research Center (September 28, 2024)

Handala targeted the Soreq Nuclear Research Center (NRC), a key nuclear research facility in Israel. The group claims to have stolen comprehensive data, including emails, infrastructure maps, personnel details, and administrative documents. This breach could severely compromise Israel’s nuclear capabilities and has far-reaching implications for national security.

8. Israeli Foreign Affairs Minister Emails (September 26, 2024)

Handala exposed 60,000 emails belonging to Gabi Ashkenazi, former Minister of Foreign Affairs and Chief of General Staff of the Israeli Armed Forces. The breach includes communications that could be used to disrupt Israel’s foreign policy initiatives, further eroding trust in the nation’s cybersecurity capabilities.

9. Benny Gantz Hacked (September 23-24, 2024)

Handala published 35,000 confidential emails and 2,000 private photos of Benny Gantz, the former Defense Minister. The group’s goal is not only to embarrass the official but to expose internal defense discussions. This breach is a significant escalation in the group’s attacks on individual high-profile figures, highlighting the personal risks involved for Israeli officials.

EagleStrike and the Hunter Killer Leak (September 2024)

On September 30, 2024, EagleStrike exposed a comprehensive data breach facilitated by the Hunter Killer group. The leak included critical Israeli state data, including:

• Israel MFA Access: Over 370GB of data from the Ministry of Foreign Affairs was compromised, including remote desktop access (RDP) and SharePoint credentials. This breach threatens Israeli diplomatic operations and international communications.
• Mossad Email Server Dump: 27,000 emails were leaked, revealing sensitive information from 2017 to 2023. This exposes Mossad’s covert operations and intelligence-gathering efforts, placing Israel’s security at significant risk.
• Defense Contractors: Data from Rafael Advanced Defense Systems and Elbit Systems was also part of the breach. Intellectual property and defense technology information were exposed, severely impacting Israel’s defense development.
• Military and SCADA Systems: Handala obtained access to 70 SCADA systems, which control critical infrastructure such as water and energy. The potential sabotage of these systems could lead to widespread service disruptions or worse, physical damage to key facilities.

Handala’s Extortion Tactics and Ransomware Campaigns

Handala is not only focused on cyber sabotage but also engages in ransomware and extortion, often targeting high-value industries. Notable ransomware campaigns include:

• Healthcare Sector (February – June 2024): Handala targeted hospitals and healthcare organizations, demanding 8 BTC (~$569,252 USD) in ransom. This campaign involved the theft of patient records and financial data, crippling healthcare operations.
• Defense and IT Sectors (March – May 2024): Handala launched coordinated attacks on Israel’s defense contractors and IT services. These breaches exposed proprietary technologies and military secrets, undermining Israel’s defense infrastructure.

Extortion Methods: Handala’s extortion model involves leaking data through Clearnet and TOR sites, alongside Telegram channels, if ransom demands are not met. These platforms enable Handala to continuously publicize their exploits and pressure victims.

Impacts on Israeli Citizens: Identity Theft and Civil Disruptions

While the breaches targeting government and military entities are alarming, Handala has increasingly targeted civilians, amplifying public concern over data security.

Max Shop Hack (October 2024)

This attack affected over 9,000 retail systems across Israel, leaking 1.5TB of personal and financial data from 250,000 Israeli citizens. Beyond the direct financial losses, victims are vulnerable to identity theft and phishing schemes. The hack demonstrates Handala’s capacity to disrupt civilian life and further erodes public trust in data security.

Identity Theft and Phishing Risks:

• Financial Loss: Stolen identities can be used to open fraudulent bank accounts and apply for credit.
• Phishing Campaigns: Detailed personal data enables highly targeted phishing attacks, further compromising individual security.
• Long-term Privacy Concerns: Once personal data circulates on dark web markets, it remains accessible, prolonging the risk of exploitation.

Conclusion

Handala’s cyber campaigns against Israel mark a significant escalation in digital warfare. Their attacks on critical infrastructure, defense systems, and civilian sectors have exposed substantial vulnerabilities. These breaches not only undermine Israel’s national security and diplomatic standing but also pose severe risks to individual citizens through identity theft and financial fraud.

Israel must implement a multi-layered defense strategy that includes strengthening its cybersecurity infrastructure, enhancing public awareness, and fostering international cooperation. With adversaries like Handala continuing to innovate their tactics, robust defense measures are essential to safeguard the nation’s critical assets and its people.

Increase in Cryptocurrency Leaks After Trump Supports Bitcoin

Recently, Constella Intelligence has observed an increase in attacks and data breaches resulting in cryptocurrency leaks. This surge could be partly attributed to comments made by former President Donald Trump in support of Bitcoin, which may have heightened hackers’ interest in these sites.

Former President Donald Trump has recently positioned himself as a pro-crypto presidential candidate. During his keynote speech at the Bitcoin 2024 conference in Nashville, Tennessee, held from July 25-27, 2024, Trump emphasized the transformative potential of cryptocurrencies. He pledged to make the United States a leader in Bitcoin mining and digital asset management.

These comments could have caused crypto-related sites to increase in value, making them more attractive targets for cybercriminals. As Bitcoin prices surge, the incentive for attacks on these platforms grows, highlighting the need for robust security measures.

Crypto Leaks Overview

In the first half of 2024, over 250 possible breaches or leaks related to cryptocurrencies, NFTs, and Bitcoin have been reported. These potential breaches could have affected users of various cryptocurrency platforms, including Bitcointalk, Crypto.com, Binance, eToro, and others.

Below are examples of how threat actors are offering information about these crypto-related sites on the Dark Web

Zuelacoin Data Leak:

This information was published on March 31, 2024. According to the threat actor the data includes:

• Emails
• Names
• Social media profiles (Twitter, Facebook, Telegram)

Binance Cryptocurrency Leak:

The post was made on May 27, 2024. The exposed information includes:

• Emails
• Full names
• Phones
• Countries

Mobile Apps like CashCoin, Coinbase, and KuCoin:

The threat actor “whix” published this on March 26, 2024. The exposed information includes:

• Emails
• Usernames
• Passwords
• Countries
• IP Addresses
• Payment methods

eToro Cryptocurrency Leak:

The same threat actor also reported this on March 25, 202, where the following information could be found:

• Full names
• Emails
• Countries
• IP Addresses
• Amounts
• Payment methods

Bitcointalk Cryptocurrency Leak:

According to the threat actor on March 25, 2024, a database exposing the following information was published:

• Emails
• Usernames
• Ethereum Addresses

These platforms are integral to the crypto ecosystem, providing services such as trading, wallet management, and social interaction for crypto enthusiasts.

Extent of Infostealer Exposures

Constella Intelligence has checked if the information published could have been produced as the effect of infostealer infections. This check resulted in nearly 4 million users of these cryptocurrency companies being exposed to infostealer data. Most exposures have impacted major cryptocurrency exchange platforms:

1. Binance: More than 2M users exposed.
2. EToro: More than 500k users exposed.
3. Crypto.com: More than 300k users exposed.
4. Localbitcoins: More than 200k users exposed.

Digging into the infostealer exposures, Constella Intelligence also identified what seems to be infostealer infections of potential employees of some of those companies, including Binance.com, eToro.com, Crypto.com, and Localbitcoins.com, among others.

Implications of Crypto-Related Breaches

The exposure of such extensive and sensitive information has significant and far-reaching implications as it endangers the financial security and privacy of millions of users. The compromised data can be exploited for various malicious activities:

1. Identity Theft: Personal information such as full names, addresses, and birthdays can be used to steal identities.
2. Financial Fraud: Payment methods and transaction histories can be exploited to conduct unauthorized transactions.
3. Phishing Attacks: Email addresses and social media profiles can be used to create convincing phishing scams.

Recommendations for Users

To mitigate the risks associated with the recent breaches, users should adopt the following security practices:

1. Use Strong, Unique Passwords: Ensure that each cryptocurrency account has a strong, unique password. Consider using a password manager to generate and store complex passwords securely.
2. Enable Two-Factor Authentication (2FA): Adding an extra layer of security through 2FA can significantly reduce the risk of unauthorized access to accounts.
3. Monitor Crypto Transactions Regularly: Keep a close watch on your cryptocurrency transactions and wallet activity to detect any unauthorized activities. Early detection can help prevent significant financial losses.
4. Be Wary of Phishing Attempts: Be cautious with emails and messages requesting personal information or directing you to log in to your accounts. Verify the authenticity of such requests through official channels.
5. Update Security Settings on Crypto Platforms: Regularly review and update your security settings on cryptocurrency exchanges and wallets. Ensure that all recovery options are up-to-date and secure.