Officers of the SBU Main Department of Internal Security and cyber experts exposed a hacker attempting to steal personal data of Service’s employees with the use of malicious software.

It was established that the offender acted by order of Russian special services and was financed by Russian handlers through the banned Yandex Money payment system.

The hacker is a resident of Lviv region. He sent spam texts in the WhatsApp messenger to personal numbers of SBU employees. The messages contained links to a site hosted from the territory of Russia. The site automatically downloaded an archive file. It allegedly contained a list of SBU officers for whose murder militants of LNR / DNR terrorist organizations offered money.

In fact, according to experts, the archive contains a virus. It provides access to information on affected devices, including log files with access keys to banking system, e-mail services and social media accounts.

During searches of offender’s residence, law enforcement officers seized:

• 5 GSM gateways for 78 online channels;
• malware;
• mobile devices and flash drives;
• almost 4,000 SIM-cards of Ukrainian mobile operators.

The pre-trial investigation is ongoing.

The operation was carried out under the supervision of the Lviv Regional Prosecutor's Office.