A team of researchers has recently revealed that a Russian cybercriminal, who uses the moniker m1x, attacked the website portal of a Mexican government agency. It is reported that the hacker went on to release taxpayer IDs belonging to 14,000 Mexican taxpayers after the government failed to meet the ransom demands of the cyberattack.
The CEO of Lucy Security, the security awareness firm that broke news of the incident, said that the researchers stumbled upon the case on a cybercriminal platform on the dark web.
Data Leaked on a Public Cloud Service
According to CEO Colin Bastable, the hacker first announced on the morning of June 7 that he was expecting payment in cryptocurrency. It turns out that the government workers lacked experience dealing in crypto and could not make the bitcoin payment that was demanded, which prevented any further agreement on terms.
Consequently, by June 10, m1x had released a huge data dump, including 100GB of sensitive data held by the Mexican government, and exposed it on a public cloud service.
Speaking on the value of the leaked data, Bastable acknowledged the scale of the information the hacker had accessed. The released taxpayer ID numbers are said to be accompanied by the physical addresses and phone numbers of the people they belong to.
In addition, the CEO said that the cybercriminal went on to release an unspecified number of police records.
In an interesting twist to the case, Bastable said that m1x departed from his original demands. Although he had given the Mexican government a five-day ultimatum to pay the ransom, the hacker leaked the data two days before the deadline elapsed.
According to the CEO, there is no clear answer as to why m1x changed course, although it is evident that he sought to intensify the pressure on the government.
As witnessed in the past, ransomware attacks are marked by time limits that are meant to pile psychological pressure on a victim. Typical cases also involve the theft of breached data or its permanent deletion from the target’s servers. Demands for payment in cryptocurrency have become commonplace since such transactions are difficult to trace.
Although auctioning stolen data is common in ransomware attacks like this one, Bastable noted that the hacker instead opted to leak the data on a cloud service where it was publicly accessible. Further, he stated that the hacker’s primary motive was monetary, and that there is a high likelihood that m1x is planning to release more data in the near future.
Who is m1x?
While confirming the identity of hacker m1x, Alex Trafton, a director at the security firm Pinkerton, weighed in on the case and intimated that the cybercriminal has been operating for many years.
Trafton also confirmed that the hacker was Russian after speaking to a Russian translator to analyze the texts written by the cybercriminal.
The director said, however, that it is uncertain whether m1x has ties to the Russian government. This question is premised on longstanding reports that the Russian government has collaborated with hackers in targeting foreign governments and corporations.
Similarly, Bastable reiterated that m1x has years of experience in targeting companies and governments. This is based on the finding that the Russian cybercriminal has been visiting a dark web hacking website since 2009.
In conclusion, the CEO issued a warning to all Mexicans in light of the recent data leak. By his account, such leaked data presents a plethora of physical and cyber risks.